0

I have a java program and it send mails to the users. Since 1 week the mails doesn't been send anymore. I didn't change anything, but now I get this error:

connexion failed: Exception reading response;
  nested exception is:
    javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
Exception in thread "main" java.lang.RuntimeException: javax.mail.MessagingException: Exception reading response;
  nested exception is:
    javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
    at Launcher$Connexion.<init>(Launcher.java:33)
    at Launcher.main(Launcher.java:52)
Caused by: javax.mail.MessagingException: Exception reading response;
  nested exception is:
    javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
    at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:1407)
    at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1205)
    at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:322)
    at javax.mail.Service.connect(Service.java:236)
    at javax.mail.Service.connect(Service.java:137)
    at Launcher$Connexion.<init>(Launcher.java:28)

I contacted fastmail (mailing server) and they say that the insecure cert is self-signed, and does not expire until 2021.

So I don't know what the problem is.

Bigjo
  • 613
  • 2
  • 10
  • 32

1 Answers1

1

Please add DH parameter limits to the certificate of target server. Custom DH parameters by using openssl dhparam command should be generated and applied with the SSLCertificateFile directive. Please note that the custom DH parameters with a 1024-bit prime will always have precedence over any of the built-in DH parameters.

You should update your Java version to at least version 8 as the 1024-bit restriction should have been lifted to accept 2048-bit parameters.

Please see: Java: Why does SSL handshake give 'Could not generate DH keypair' exception?

Eray Balkanli
  • 7,752
  • 11
  • 48
  • 82