HttpClient SSLException

I am trying to send an https request to a web service and after several successful attempts, I start to receive this error sequentially. What does this error mean, and why is this happening for the first time?

    javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1842)
        at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1825)
        at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1751)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:127)
        at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
        at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:138)
        at org.apache.http.impl.io.ContentLengthOutputStream.flush(ContentLengthOutputStream.java:102)
        at org.apache.http.entity.StringEntity.writeTo(StringEntity.java:94)
        at org.apache.http.entity.HttpEntityWrapper.writeTo(HttpEntityWrapper.java:96)
        at org.apache.http.impl.client.EntityEnclosingRequestWrapper$EntityWrapper.writeTo(EntityEnclosingRequestWrapper.java:108)
        at org.apache.http.impl.entity.EntitySerializer.serialize(EntitySerializer.java:120)
        at org.apache.http.impl.AbstractHttpClientConnection.sendRequestEntity(AbstractHttpClientConnection.java:263)
        at org.apache.http.impl.conn.AbstractClientConnAdapter.sendRequestEntity(AbstractClientConnAdapter.java:227)
        at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:255)
        at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
        at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:622)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:454)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:941)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:919)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:910)
        at com.nim.service.push.exacttarget.ExactTargetPushService.sendMessageContacts(ExactTargetPushService.java:208)
        at com.nim.service.push.exacttarget.ExactTargetPushService.sendPushNotification(ExactTargetPushService.java:106)
        at com.nim.domain.push.PushManager.pushHelper(PushManager.java:91)
        at com.nim.domain.push.PushManager.pushEntitlementChange(PushManager.java:40)
        at com.nim.domain.push.PushManager.pushEntitlementChange(PushManager.java:36)
        at com.nim.domain.push.PushManager.pushEntitlementChange(PushManager.java:51)
        at com.nim.batch.entitlement.SubscriptionEntitlementWriter.pushClientNotifications(SubscriptionEntitlementWriter.java:161)
        at com.nim.batch.entitlement.SubscriptionEntitlementReader.retrievePage(SubscriptionEntitlementReader.java:71)
        at com.nim.batch.entitlement.SubscriptionEntitlementReader.retrievePage(SubscriptionEntitlementReader.java:1)
        at com.nim.batch.entitlement.EntitlementPagedDifferentialReader.read(EntitlementPagedDifferentialReader.java:96)
        at sun.reflect.GeneratedMethodAccessor96.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
        at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
        at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
        at com.sun.proxy.$Proxy77.read(Unknown Source)
        at org.springframework.batch.core.step.item.SimpleChunkProvider.doRead(SimpleChunkProvider.java:90)
        at org.springframework.batch.core.step.item.FaultTolerantChunkProvider.read(FaultTolerantChunkProvider.java:87)
        at org.springframework.batch.core.step.item.SimpleChunkProvider$1.doInIteration(SimpleChunkProvider.java:108)
        at org.springframework.batch.repeat.support.RepeatTemplate.getNextResult(RepeatTemplate.java:367)
        at org.springframework.batch.repeat.support.RepeatTemplate.executeInternal(RepeatTemplate.java:214)
        at org.springframework.batch.repeat.support.RepeatTemplate.iterate(RepeatTemplate.java:143)
        at org.springframework.batch.core.step.item.SimpleChunkProvider.provide(SimpleChunkProvider.java:103)
        at org.springframework.batch.core.step.item.ChunkOrientedTasklet.execute(ChunkOrientedTasklet.java:68)
        at org.springframework.batch.core.step.tasklet.TaskletStep$ChunkTransactionCallback.doInTransaction(TaskletStep.java:386)
        at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:130)
        at org.springframework.batch.core.step.tasklet.TaskletStep$2.doInChunkContext(TaskletStep.java:264)
        at org.springframework.batch.core.scope.context.StepContextRepeatCallback.doInIteration(StepContextRepeatCallback.java:76)
        at org.springframework.batch.repeat.support.RepeatTemplate.getNextResult(RepeatTemplate.java:367)
        at org.springframework.batch.repeat.support.RepeatTemplate.executeInternal(RepeatTemplate.java:214)
        at org.springframework.batch.repeat.support.RepeatTemplate.iterate(RepeatTemplate.java:143)
        at org.springframework.batch.core.step.tasklet.TaskletStep.doExecute(TaskletStep.java:250)
        at org.springframework.batch.core.step.AbstractStep.execute(AbstractStep.java:195)
        at org.springframework.batch.core.job.SimpleStepHandler.handleStep(SimpleStepHandler.java:135)
        at org.springframework.batch.core.job.flow.JobFlowExecutor.executeStep(JobFlowExecutor.java:61)
        at org.springframework.batch.core.job.flow.support.state.StepState.handle(StepState.java:60)
        at org.springframework.batch.core.job.flow.support.SimpleFlow.resume(SimpleFlow.java:144)
        at org.springframework.batch.core.job.flow.support.SimpleFlow.start(SimpleFlow.java:124)
        at org.springframework.batch.core.job.flow.FlowJob.doExecute(FlowJob.java:135)
        at org.springframework.batch.core.job.AbstractJob.execute(AbstractJob.java:281)
        at org.springframework.batch.core.launch.support.SimpleJobLauncher$1.run(SimpleJobLauncher.java:120)
        at java.lang.Thread.run(Thread.java:745)
    Caused by: java.lang.RuntimeException: Could not generate DH keypair
        at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:80)
        at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:692)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:274)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:878)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:814)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
        ... 64 more
    Caused by: java.security.InvalidAlgorithmParameterException: parameter object not a ECParameterSpec
        at org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC.initialize(Unknown Source)
        at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:75)
        ... 72 more
+5
3 answers

I had the same problem. This article helped me: http://iwang.imtqy.com/support/2014/03/14/cxf-cause-https-error.html

Essentially, the problem is that you are using the Bouncy Castle JDK1.4 libraries instead of the later 1.5 libraries.

To fix the problem, I completely uninstalled Bouncy Castle. I found that it was being drawn in by an unrelated library, so I added the following to the dependency in the pom.xml file:

    <exclusions>
        <exclusion>
            <groupId>bouncycastle</groupId>
            <artifactId>bcmail-jdk14</artifactId>
        </exclusion>
        <exclusion>
            <groupId>bouncycastle</groupId>
            <artifactId>bcprov-jdk14</artifactId>
        </exclusion>
        <exclusion>
            <groupId>bouncycastle</groupId>
            <artifactId>bctsp-jdk14</artifactId>
        </exclusion>
    </exclusions>

If you cannot remove it, I suggest updating to the jdk15 libraries.

Explanation from a related article:

Java 1.5 introduced a change in the cryptography API with an elliptic curve. If you use the Java Cryptography Extension (JCE) provider designed for Java 1.4 or earlier, it will not support this new API change and there may be errors with Diffie-Hellman-based ciphers when using SSL. SSL Execution attempts to set up elliptic curve cryptography with an ECGenParameterSpec object. This object was not added before Java 1.5: http://docs.oracle.com/javase/7/docs/api/java/security/spec/ECGenParameterSpec.html (Pay attention to the "Since" line).

For example, bcprov-jdk14-131-1.0.jar is Bouncy Castle, which is one such provider. This version of the provider is for JDK 1.4. Bouncy Castle provides different libraries for each level of the JDK.

+14
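
A diagnostic for the failure discussed in this thread, added here as an example (not code from the question or from any answer): it lists the registered JCA providers in preference order, shows where each was loaded from, and tests whether each EC-capable provider accepts an `ECGenParameterSpec`. The class name `EcProviderCheck` and the curve `secp256r1` are assumptions.

```java
import java.security.CodeSource;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;

public class EcProviderCheck {

    // Location (usually a JAR) the provider class was loaded from.
    // A null code source means the class came from the JDK runtime itself.
    static String origin(Provider p) {
        CodeSource cs = p.getClass().getProtectionDomain().getCodeSource();
        return (cs == null || cs.getLocation() == null)
                ? "<JDK runtime>" : cs.getLocation().toString();
    }

    // True when the provider can initialise an EC key pair generator from a
    // named curve, which is the call that fails in the stack trace above.
    static boolean acceptsNamedCurve(Provider p, String curve) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);
            kpg.initialize(new ECGenParameterSpec(curve));
            return true;
        } catch (GeneralSecurityException | RuntimeException e) {
            System.out.println("    -> " + e);
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String curve = "secp256r1"; // assumption: a curve commonly negotiated in TLS
        Provider[] providers = Security.getProviders(); // preference order
        for (int i = 0; i < providers.length; i++) {
            Provider p = providers[i];
            boolean offersEc = p.getService("KeyPairGenerator", "EC") != null;
            System.out.printf("%2d %-12s EC=%-5b %s%n",
                    i + 1, p.getName(), offersEc, origin(p));
            if (offersEc && !acceptsNamedCurve(p, curve)) {
                System.out.println("    rejects ECGenParameterSpec; check this JAR's version");
            }
        }
        // Without an explicit provider, the JCA uses the first provider in the
        // list above that offers the algorithm.
        Provider chosen = KeyPairGenerator.getInstance("EC").getProvider();
        System.out.println("default EC provider: " + chosen.getName() + " from " + origin(chosen));
    }
}
```

Run it with the same classpath as the failing application; a provider flagged as rejecting `ECGenParameterSpec` and loaded from a `jdk14` JAR is the one to exclude or upgrade.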

I had this problem for a while. I managed to get it working after upgrading from bcprov-jdk14 to bcprov-jdk15.

+4

I ran into this problem and couldn’t use BC15 as we have previous support for some 1.4 clients (old Unix OS clients). Given this limitation, I was able to solve the problem by including the ECGenParameterSpec.java class in the java.security.spec package. Do not copy the Java version from the 1.5 sources; it is copyrighted by Oracle. Here is an example implementation that is licensed by Apache. As you can see, the class is not very complicated, and I'm sure you can write your own.

https://android.googlesource.com/platform/libcore/+/a47f800/luni/src/main/java/java/security/spec/ECGenParameterSpec.java

    /*
     * Licensed to the Apache Software Foundation (ASF) under one or more
     * contributor license agreements. See the NOTICE file distributed with
     * this work for additional information regarding copyright ownership.
     * The ASF licenses this file to You under the Apache License, Version 2.0
     * (the "License"); you may not use this file except in compliance with
     * the License. You may obtain a copy of the License at
     *
     * http://www.apache.org/licenses/LICENSE-2.0
     *
     * Unless required by applicable law or agreed to in writing, software
     * distributed under the License is distributed on an "AS IS" BASIS,
     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     * See the License for the specific language governing permissions and
     * limitations under the License.
     */
    package java.security.spec;

    /**
     * The parameter specification used to generate elliptic curve domain parameters.
     */
    public class ECGenParameterSpec implements AlgorithmParameterSpec {
        // Standard (or predefined) name for EC domain
        // parameters to be generated
        private final String name;

        /**
         * Creates a new {@code ECGenParameterSpec} with the specified standard or
         * predefined name of the to-be-generated domain parameter.
         *
         * @param name
         *            the name of the elliptic curve domain parameter.
         */
        public ECGenParameterSpec(String name) {
            this.name = name;
            if (this.name == null) {
                throw new NullPointerException();
            }
        }

        /**
         * Returns the name (standard or predefined) of the to-be-generated elliptic
         * curve domain parameter.
         *
         * @return the name
         */
        public String getName() {
            return name;
        }
    }

Include this file in your project sources (excluding it from ProGuard, etc., if you need to), and you are set up (at least for this error).

0

Source: https://habr.com/ru/post/1206308/

