javax.net.ssl.SSLHandshakeException: Could not generate secret

Jenkins JIRA | Josh Toft | 1 year ago
  1. 0

    Slaves cannot connect to jenkins servers with ECDH* SSL configurations via https.

    Replacing the bc* libraries in war/WEB-INF/lib/ *bcprov-jdk15on-1.47.jar* with *bcprov-jdk15on-152.jar* allows all connections to work with and without ECDH connections.

    Upgrading the instance identity module (https://github.com/jenkinsci/instance-identity-module) to bouncycastle 1.52 should resolve this I think, I'm not aware of any other things that include bcprov in core.

    Additionally, ssh-agent-plugin has a patch to fix the same issue for that plugin: https://github.com/jenkinsci/ssh-agent-plugin/pull/8

    And below is an example error of such a failed connection, although not specifically with a slave.

    {code}
    Caught exception while notifying Stash with id 695c0a35657a11c973a904ff993cd873b7283e1b
    javax.net.ssl.SSLHandshakeException: Could not generate secret
        at sun.security.ssl.ECDHCrypt.getAgreedSecret(ECDHCrypt.java:99)
        at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1045)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
        at org.apache.http.impl.conn.BasicHttpClientConnectionManager.connect(BasicHttpClientConnectionManager.java:338)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
        at org.jenkinsci.plugins.stashNotifier.StashNotifier.notifyStash(StashNotifier.java:556)
        at org.jenkinsci.plugins.stashNotifier.StashNotifier.processJenkinsEvent(StashNotifier.java:207)
        at org.jenkinsci.plugins.stashNotifier.StashNotifier.prebuild(StashNotifier.java:160)
        at hudson.model.AbstractBuild$AbstractBuildExecution.preBuild(AbstractBuild.java:834)
        at hudson.model.AbstractBuild$AbstractBuildExecution.preBuild(AbstractBuild.java:829)
        at hudson.model.Build$BuildExecution.doRun(Build.java:144)
        at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:537)
        at hudson.model.Run.execute(Run.java:1741)
        at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
        at hudson.model.ResourceController.execute(ResourceController.java:98)
        at hudson.model.Executor.run(Executor.java:381)
    Caused by: java.security.InvalidKeyException: ECDH key agreement requires ECPublicKey for doPhase
        at org.bouncycastle.jcajce.provider.asymmetric.ec.KeyAgreementSpi.engineDoPhase(Unknown Source)
        at javax.crypto.KeyAgreement.doPhase(KeyAgreement.java:567)
        at sun.security.ssl.ECDHCrypt.getAgreedSecret(ECDHCrypt.java:96)
        ... 32 more
    {code}

    Jenkins JIRA | 1 year ago | Josh Toft
  2. 0

    Currently when connecting to ECDHE-RSA-* servers I was getting errors. Upgrading to bouncycastle 1.52 resolves these.

    Below is an example exception; seen via the stash-notification-plugin, and ssh-agent-plugin

    {code}
    javax.net.ssl.SSLHandshakeException: Could not generate secret
        at sun.security.ssl.ECDHCrypt.getAgreedSecret(ECDHCrypt.java:99)
        at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1045)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
        at org.apache.http.impl.conn.BasicHttpClientConnectionManager.connect(BasicHttpClientConnectionManager.java:338)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
        at org.jenkinsci.plugins.stashNotifier.StashNotifier.notifyStash(StashNotifier.java:556)
        at org.jenkinsci.plugins.stashNotifier.StashNotifier.processJenkinsEvent(StashNotifier.java:207)
        at org.jenkinsci.plugins.stashNotifier.StashNotifier.prebuild(StashNotifier.java:160)
        at hudson.model.AbstractBuild$AbstractBuildExecution.preBuild(AbstractBuild.java:834)
        at hudson.model.AbstractBuild$AbstractBuildExecution.preBuild(AbstractBuild.java:829)
        at hudson.model.Build$BuildExecution.doRun(Build.java:144)
        at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:537)
        at hudson.model.Run.execute(Run.java:1741)
        at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
        at hudson.model.ResourceController.execute(ResourceController.java:98)
        at hudson.model.Executor.run(Executor.java:381)
    Caused by: java.security.InvalidKeyException: ECDH key agreement requires ECPublicKey for doPhase
        at org.bouncycastle.jcajce.provider.asymmetric.ec.KeyAgreementSpi.engineDoPhase(Unknown Source)
        at javax.crypto.KeyAgreement.doPhase(KeyAgreement.java:567)
        at sun.security.ssl.ECDHCrypt.getAgreedSecret(ECDHCrypt.java:96)
        ... 32 more
    {code}

    Jenkins JIRA | 1 year ago | Josh Toft

    Root Cause Analysis

    1. java.security.InvalidKeyException

      ECDH key agreement requires ECPublicKey for doPhase

      at org.bouncycastle.jcajce.provider.asymmetric.ec.KeyAgreementSpi.engineDoPhase()
    2. Bouncy Castle Provider
      KeyAgreementSpi.engineDoPhase
      1. org.bouncycastle.jcajce.provider.asymmetric.ec.KeyAgreementSpi.engineDoPhase(Unknown Source)
      1 frame
    3. Android Platform
      KeyAgreement.doPhase
      1. javax.crypto.KeyAgreement.doPhase(KeyAgreement.java:567)
      1 frame
    4. Java JSSE
      SSLSocketImpl.startHandshake
      1. sun.security.ssl.ECDHCrypt.getAgreedSecret(ECDHCrypt.java:96)
      2. sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1045)
      3. sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
      4. sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
      5. sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
      6. sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
      7. sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
      8. sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
      9. sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
      9 frames
    5. Apache HttpClient
      CloseableHttpClient.execute
      1. org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
      2. org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
      3. org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
      4. org.apache.http.impl.conn.BasicHttpClientConnectionManager.connect(BasicHttpClientConnectionManager.java:338)
      5. org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
      6. org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
      7. org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
      8. org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
      9. org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
      10. org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
      11. org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
      12. org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
      13. org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
      13 frames
    6. org.jenkinsci.plugins
      StashNotifier.prebuild
      1. org.jenkinsci.plugins.stashNotifier.StashNotifier.notifyStash(StashNotifier.java:556)
      2. org.jenkinsci.plugins.stashNotifier.StashNotifier.processJenkinsEvent(StashNotifier.java:207)
      3. org.jenkinsci.plugins.stashNotifier.StashNotifier.prebuild(StashNotifier.java:160)
      3 frames
    7. Hudson
      Executor.run
      1. hudson.model.AbstractBuild$AbstractBuildExecution.preBuild(AbstractBuild.java:834)
      2. hudson.model.AbstractBuild$AbstractBuildExecution.preBuild(AbstractBuild.java:829)
      3. hudson.model.Build$BuildExecution.doRun(Build.java:144)
      4. hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:537)
      5. hudson.model.Run.execute(Run.java:1741)
      6. hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
      7. hudson.model.ResourceController.execute(ResourceController.java:98)
      8. hudson.model.Executor.run(Executor.java:381)
      8 frames