- Bug
- Resolution: Fixed
- P2
- 5.0
- beta
- x86
- linux

Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-2125667 | 5.0u7 | Andreas Sterbenz | P2 | Resolved | Fixed | b01 |
FULL PRODUCT VERSION :
java version "1.5.0_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_02-b09)
Java HotSpot(TM) Client VM (build 1.5.0_02-b09, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Linux xxxxxxxxxxxxx 2.4.21-4.EL #1 Fri Oct 3 18:13:58 EDT 2003 i686 i686 i386 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
Using code that has been working for several releases, we are unable to open an SSL connection under Java 1.5. The same code connects when run from a Java 1.4.2 runtime.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1) Start an openssl server. I've used the following command line on the linux box described:
$ openssl s_server -cipher ADH-RC4-MD5:EXP-ADH-RC4-MD5 -accept 8443 -HTTP -cert server.pem
2) Compile and run the simple client code, passing on the command line the IP and port of the SSL server
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
$ java -version
java version "1.4.2_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_06-b03)
Java HotSpot(TM) Client VM (build 1.4.2_06-b03, mixed mode)
$ java Client <host> <port>
HTTP/1.0 200 okContent-type: text/plainError accessing ''
ACTUAL -
See Error Message(s) below
ERROR MESSAGES/STACK TRACES THAT OCCUR :
$ java -version
java version "1.5.0_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_02-b09)
Java HotSpot(TM) Client VM (build 1.5.0_02-b09, mixed mode, sharing)
$ java Client 172.26.5.145 8443
Exception in thread "main" javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1443)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1426)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64)
    at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
    at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:404)
    at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408)
    at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
    at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
    at java.io.BufferedWriter.flush(BufferedWriter.java:236)
    at Client.main(Client.java:48)
Caused by: java.lang.RuntimeException: Could not generate DH keypair
    at com.sun.net.ssl.internal.ssl.DHKeyExchange.generateKeyPair(DHKeyExchange.java:137)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.getDHephemeral(ClientHandshaker.java:370)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:385)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:121)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    ... 7 more
Caused by: java.security.InvalidAlgorithmParameterException: Exponent value must be less than (modulus value -1)
    at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DashoA6275)
    at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:609)
    at java.security.KeyPairGenerator.initialize(KeyPairGenerator.java:351)
    at com.sun.net.ssl.internal.ssl.DHKeyExchange.generateKeyPair(DHKeyExchange.java:123)
    ... 16 more
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.net.*;
import java.io.*;
import javax.net.*;
import javax.net.ssl.*;
import java.util.*;
import java.security.*;

public class Client {
    public static void main(String argv[]) throws Exception {
        if (argv.length != 2) {
            System.out.println("Usage: java Client host port ");
            System.exit(0);
        }
        int port = Integer.parseInt( argv[1] );
        String host = argv[0];

        // Get a Socket factory
        SocketFactory factory = SSLSocketFactory.getDefault();

        // Get Socket from factory
        SSLSocket socket = (SSLSocket)factory.createSocket( host, port );

        // Limit the available cipher suites.
        String[] cipherSuites = {
            "SSL_DH_anon_WITH_RC4_128_MD5",
        };
        socket.setEnabledCipherSuites( cipherSuites );

        // Open connection and write some data.
        BufferedWriter out = new BufferedWriter( new OutputStreamWriter(socket.getOutputStream()) );
        BufferedReader in = new BufferedReader( new InputStreamReader(socket.getInputStream()) );
        out.write("GET / HTTP/1.0\n\n");
        out.flush();

        // Dump response to console.
        String line;
        StringBuffer sb = new StringBuffer();
        while((line = in.readLine()) != null) {
            sb.append(line);
        }
        out.close();
        in.close();
        System.out.println(sb.toString());
    }
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
None found: we cannot use Java 1.5 until this is resolved
Release Regression From : 1.4.1
The above release value was the last known release where this
bug was known to work. Since then there has been a regression.
Release Regression From : 1.4.2
The above release value was the last known release where this
bug was known to work. Since then there has been a regression.
Release Regression From : 5.0
The above release value was the last known release where this
bug was known to work. Since then there has been a regression.
###@###.### 2005-04-26 20:03:14 GMT
- backported by
  - JDK-2125667 REGRESSION: Cannot generate DH key pair w/ SSL_DH_anon_WITH_RC4_128_MD5 - Resolved