javax.net.ssl.SSLException

There are no available Samebug tips for this exception. Do you have an idea how to solve this issue? A short tip would help users who saw this issue last week.

  • When trying to use the {{org.opennms.core.web.HttpClientWrapper}} class to make an HTTPS client connection to a server supporting high-strength cipher suites, I get the following exception stack trace: {noformat} javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906) ~[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889) ~[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410) ~[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_65] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290) ~[httpclient-4.3.6.jar:4.3.6] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259) ~[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125) ~[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319) ~[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) ~[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) ~[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) ~[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) ~[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) ~[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106) ~[httpclient-4.3.6.jar:4.3.6] at org.opennms.netmgt.notifd.MattermostNotificationStrategy.send(MattermostNotificationStrategy.java:111) [opennms-services-18.0.0-SNAPSHOT.jar:?] at org.opennms.netmgt.notifd.ClassExecutor.execute(ClassExecutor.java:69) [opennms-services-18.0.0-SNAPSHOT.jar:?] at org.opennms.netmgt.notifd.NotificationTask.run(NotificationTask.java:269) [opennms-services-18.0.0-SNAPSHOT.jar:?] Caused by: java.lang.RuntimeException: Could not generate DH keypair at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:81) ~[?:1.8.0_65] at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:721) ~[?:1.8.0_65] at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:281) ~[?:1.8.0_65] at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_65] at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_65] ... 16 more Caused by: java.security.InvalidAlgorithmParameterException: parameter object not a ECParameterSpec at org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC.initialize(Unknown Source) ~[bcprov-jdk14-1.38.jar:1.38.0] at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:76) ~[?:1.8.0_65] at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:721) ~[?:1.8.0_65] at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:281) ~[?:1.8.0_65] at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_65] at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_65] ... 16 more {noformat} The bouncycastle JCE provider appears to be taking precedence over the JDK-provided one, resulting in this problem. Removing the {{bcprov}} JAR from OPENNMS_HOME/lib enables the connections to succeed. We appear to have picked up an undeclared dependency on the following artifacts from group {{bouncycastle}} * {{bcmail-jdk14}} * {{bcprov-jdk14}} * {{bctsp-jdk14}} We have existing exclusions in the {{dependencies/jasper}} POM for {{bcmail}} and {{bcprov}}. Somebody thought iText could be the culprit.
    via by Jeff Gehlbach,
  • Bouncy Castle with Play 2.4.4
    via by Harshana Gurusingha,
  • HttpClient SSLException
    via Stack Overflow by riship89
    ,
    • javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906)[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889)[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410)[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)[?:1.8.0_65] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290)[httpclient-4.3.6.jar:4.3.6] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259)[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125)[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319)[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)[httpclient-4.3.6.jar:4.3.6] at org.opennms.netmgt.notifd.MattermostNotificationStrategy.send(MattermostNotificationStrategy.java:111)[opennms-services-18.0.0-SNAPSHOT.jar:?] at org.opennms.netmgt.notifd.ClassExecutor.execute(ClassExecutor.java:69)[opennms-services-18.0.0-SNAPSHOT.jar:?] at org.opennms.netmgt.notifd.NotificationTask.run(NotificationTask.java:269)[opennms-services-18.0.0-SNAPSHOT.jar:?] Caused by: java.lang.RuntimeException: Could not generate DH keypair at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:81)[?:1.8.0_65] at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:721)[?:1.8.0_65] at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:281)[?:1.8.0_65] at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)[?:1.8.0_65] at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)[?:1.8.0_65] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)[?:1.8.0_65] ... 16 more Caused by: java.security.InvalidAlgorithmParameterException: parameter object not a ECParameterSpec at org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC.initialize(Unknown Source)[bcprov-jdk14-1.38.jar:1.38.0] at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:76)[?:1.8.0_65] ... 23 more
    No Bugmate found.