I have a first app witch is a fat client app, running under windows 7 with a jdk version of 1.7.0_79, trying to access a web php nginx app resource with an https connection. I first got the following error :
Caused by: java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:136)
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:688)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:261)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
... 48 more
Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:120)
at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:658)
at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:127)
... 55 more
which was due, from posts i read and my understanding, to restrictions to certificates length in java 7 security and earlier. I tried with the java JCE provider (copied localpolicy and US_export_policy jars) and still got the same error. I then found out about the BouncyCastle JCE provider (bcprov-jdk16-1.45.jar) after i made updates as described here : https://docs.oracle.com/cd/E19830-01/819-4712/ablsc/index.html, got a new error :
Caused by: javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: 64
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1862)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1845)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1366)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
...
Caused by: java.lang.ArrayIndexOutOfBoundsException: 64
at com.sun.crypto.provider.TlsPrfGenerator.expand(TlsPrfGenerator.java:275)
at com.sun.crypto.provider.TlsPrfGenerator.doTLS10PRF(TlsPrfGenerator.java:247)
at com.sun.crypto.provider.TlsPrfGenerator.doTLS10PRF(TlsPrfGenerator.java:219)
at com.sun.crypto.provider.TlsMasterSecretGenerator.engineGenerateKey(TlsMasterSecretGenerator.java:108)
at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:530)
at sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1086)
at sun.security.ssl.Handshaker.calculateKeys(Handshaker.java:1032)
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1011)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:341)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
... 48 more
I have seen some posts about this error but couldn't figure out the reason of the problem neither how to solve it. Note that with jdk1.8.0_45 it works fine, but we can't migrate to version 8. Any ideas ?
UPDATE We Have another web app accessing the same resource and running in server with jdk 1.7.0_95 installed, but don't know where to download that version.
