When I make an SSL connection with some IRC servers (but not others – presumably due to the server’s preferred encryption method) I get the following exception:
Caused by: java.lang.RuntimeException: Could not generate DH keypair at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:106) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:556) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:183) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165) 3 moreFinal cause:
Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive) at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DashoA13*..) at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:627) at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:100) 10 moreAn example of a server that demonstrates this problem is aperture.esper.net:6697 (this is an IRC server). An example of a server that does not demonstrate the problem is kornbluth.freenode.net:6697. [Not surprisingly, all servers on each network share the same respective behaviour.]
My code (which as noted does work when connecting to some SSL servers) is:
SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, trustAllCerts, new SecureRandom()); s = (SSLSocket)sslContext.getSocketFactory().createSocket(); s.connect(new InetSocketAddress(host, port), timeout); s.setSoTimeout(0); ((SSLSocket)s).startHandshake();It’s that last startHandshake that throws the exception. And yes there is some magic going on with the ‘trustAllCerts’; that code forces the SSL system not to validate certs. (So… not a cert problem.)
Obviously one possibility is that esper’s server is misconfigured, but I searched and didn’t find any other references to people having problems with esper’s SSL ports, and ‘openssl’ connects to it (see below). So I’m wondering if this is a limitation of Java default SSL support, or something. Any suggestions?
Here’s what happens when I connect to aperture.esper.net 6697 using ‘openssl’ from commandline:
~ $ openssl s_client -connect aperture.esper.net:6697CONNECTED(00000003)depth=0 /C=GB/ST=England/L=London/O=EsperNet/OU=aperture.esper.net/CN=*.esper.net/emailAddress=support@esper.netverify error:num=18:self signed certificateverify return:1depth=0 /C=GB/ST=England/L=London/O=EsperNet/OU=aperture.esper.net/CN=*.esper.net/emailAddress=support@esper.netverify return:1---Certificate chain 0 s:/C=GB/ST=England/L=London/O=EsperNet/OU=aperture.esper.net/CN=*.esper.net/emailAddress=support@esper.net i:/C=GB/ST=England/L=London/O=EsperNet/OU=aperture.esper.net/CN=*.esper.net/emailAddress=support@esper.net---Server certificate-----BEGIN CERTIFICATE-----[There was a certificate here, but I deleted it to save space]-----END CERTIFICATE-----subject=/C=GB/ST=England/L=London/O=EsperNet/OU=aperture.esper.net/CN=*.esper.net/emailAddress=support@esper.netissuer=/C=GB/ST=England/L=London/O=EsperNet/OU=aperture.esper.net/CN=*.esper.net/emailAddress=support@esper.net---No client certificate CA names sent---SSL handshake has read 2178 bytes and written 468 bytes---New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHAServer public key is 2048 bitSecure Renegotiation IS supportedCompression: NONEExpansion: NONESSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 51F1D40A1B044700365D3BD1C61ABC745FB0C347A334E1410946DCB5EFE37AFD Session-ID-ctx: Master-Key: DF8194F6A60B073E049C87284856B5561476315145B55E35811028C4D97F77696F676DB019BB6E271E9965F289A99083 Key-Arg : None Start Time: 1311801833 Timeout : 300 (sec) Verify return code: 18 (self signed certificate)---As noted, after all that, it does connect successfully which is more than you can say for my Java app.
Should it be relevant, I’m using OS X 10.6.8, Java version 1.6.0_26.
Advertisement
Answer
The problem is the prime size. The maximum-acceptable size that Java accepts is 1024 bits. This is a known issue (see JDK-6521495).
The bug report that I linked to mentions a workaround using BouncyCastle’s JCE implementation. Hopefully that should work for you.
UPDATE
This was reported as bug JDK-7044060 and fixed recently.
Note, however, that the limit was only raised to 2048 bit. For sizes > 2048 bit, there is JDK-8072452 – Remove the maximum prime size of DH Keys; the fix appears to be for 9.