Why does SSL handshake give 'Could not generate DH keypair' exception?

前端 未结 21 778
梦如初夏
梦如初夏 2020-11-22 07:46

When I make an SSL connection with some IRC servers (but not others - presumably due to the server\'s preferred encryption method) I get the following exception:

<         


        
相关标签:
21条回答
  • 2020-11-22 08:33

    Solved the problem by upgrading to JDK 8.

    0 讨论(0)
  • 2020-11-22 08:34

    You can installing the provider dynamically:

    1) Download these jars:

    • bcprov-jdk15on-152.jar
    • bcprov-ext-jdk15on-152.jar

    2) Copy jars to WEB-INF/lib (or your classpath)

    3) Add provider dynamically:

    import org.bouncycastle.jce.provider.BouncyCastleProvider;

    ...

    Security.addProvider(new BouncyCastleProvider());

    0 讨论(0)
  • 2020-11-22 08:37

    This is a quite old post, but if you use Apache HTTPD, you can limit the DH size. See http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh

    0 讨论(0)
  • 2020-11-22 08:37

    We got the same exact exception error returned, to fix it was easy after hours surfing the internet.

    We downloaded the highest version of jdk we could find on oracle.com, installed it and pointed Jboss application server to the directory of the installed new jdk.

    Restarted Jboss, reprocessed, problemo fixed!!!

    0 讨论(0)
  • 2020-11-22 08:38

    You can disable DHE completely in your jdk, edit jre/lib/security/java.security and make sure DHE is disabled, eg. like

    jdk.tls.disabledAlgorithms=SSLv3, DHE.

    0 讨论(0)
  • 2020-11-22 08:40

    Recently I have the same issue and after upgrading jdk version from 1.6.0_45 to jdk1.7.0_191 which resolved the issue.

    0 讨论(0)
提交回复
热议问题