[JBoss JIRA] (JBIDE-18454) Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
by Andre Dietisheim (JIRA)
[ https://issues.jboss.org/browse/JBIDE-18454?page=com.atlassian.jira.plugi... ]
Andre Dietisheim edited comment on JBIDE-18454 at 9/30/14 8:34 AM:
-------------------------------------------------------------------
Apparently the problem is lacking support for DHE keys < 1024 bits. In Sun jdk this was fixed in 2013 while openjdk is still not corrected.
In http://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-gi... the solution they found was to remove the *DHE* cypher and force using a different cypher (example below is using bouncy castle):
{code:title=http://stackoverflow.com/a/6862383/231357}
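import java.util.LinkedList;
import java.util.List;
import javax.net.ssl.SSLSocket;

// Keep every enabled cipher suite except the ephemeral Diffie-Hellman (DHE) ones;
// "s" is the already-created socket from the linked answer.
List<String> limited = new LinkedList<String>();
for (String suite : ((SSLSocket) s).getEnabledCipherSuites()) {
    if (!suite.contains("_DHE_")) {
        limited.add(suite);
    }
}
((SSLSocket) s).setEnabledCipherSuites(limited.toArray(new String[limited.size()]));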
{code}
was (Author: adietish):
Apparently the problem is lacking support for DHE keys < 1024 bits. In Sun jdk this was fixed in 2013 while openjdk is still not corrected.
In http://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-gi... the solution they found was to remove the *DHE* cypher and force using a different cypher.
> Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: JBIDE-18454
> URL: https://issues.jboss.org/browse/JBIDE-18454
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: openshift
> Affects Versions: 4.2.0.CR1
> Reporter: Andre Dietisheim
> Priority: Blocker
>
> In https://bugzilla.redhat.com/show_bug.cgi?id=1145848 openshift-java-client cant connect to OpenShift running on RHEL 6.6 when using openjdk. We have to verify that this affects the Eclipse based tooling (that's also using openshift-java-client)
> {code}
> java.io.IOException: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> at hudson.plugins.openshift.OpenShiftCloud.getOpenShiftConnection(OpenShiftCloud.java:186)
> at hudson.plugins.openshift.OpenShiftCloud.getSlaves(OpenShiftCloud.java:877)
> at hudson.plugins.openshift.OpenShiftCloud.provisionSlave(OpenShiftCloud.java:451)
> at hudson.plugins.openshift.OpenShiftCloud.provision(OpenShiftCloud.java:413)
> at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:281)
> at hudson.slaves.NodeProvisioner.access$000(NodeProvisioner.java:51)
> at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:368)
> at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:54)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
[JBoss JIRA] (JBIDE-18454) Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
by Andre Dietisheim (JIRA)
[ https://issues.jboss.org/browse/JBIDE-18454?page=com.atlassian.jira.plugi... ]
Andre Dietisheim commented on JBIDE-18454:
------------------------------------------
Apparently the problem is lacking support for DHE keys < 1024 bits. In Sun jdk this was fixed in 2013 while openjdk is still not corrected.
In http://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-gi... the solution they found was to remove the *DHE* cypher and force using a different cypher.
> Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: JBIDE-18454
> URL: https://issues.jboss.org/browse/JBIDE-18454
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: openshift
> Affects Versions: 4.2.0.CR1
> Reporter: Andre Dietisheim
> Priority: Blocker
>
> In https://bugzilla.redhat.com/show_bug.cgi?id=1145848 openshift-java-client cant connect to OpenShift running on RHEL 6.6 when using openjdk. We have to verify that this affects the Eclipse based tooling (that's also using openshift-java-client)
> {code}
> java.io.IOException: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> at hudson.plugins.openshift.OpenShiftCloud.getOpenShiftConnection(OpenShiftCloud.java:186)
> at hudson.plugins.openshift.OpenShiftCloud.getSlaves(OpenShiftCloud.java:877)
> at hudson.plugins.openshift.OpenShiftCloud.provisionSlave(OpenShiftCloud.java:451)
> at hudson.plugins.openshift.OpenShiftCloud.provision(OpenShiftCloud.java:413)
> at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:281)
> at hudson.slaves.NodeProvisioner.access$000(NodeProvisioner.java:51)
> at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:368)
> at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:54)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> {code}
[JBoss JIRA] (JBIDE-18454) Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
by Andre Dietisheim (JIRA)
[ https://issues.jboss.org/browse/JBIDE-18454?page=com.atlassian.jira.plugi... ]
Andre Dietisheim edited comment on JBIDE-18454 at 9/30/14 8:32 AM:
-------------------------------------------------------------------
*Why is this happening?*
The current version of the JDK doesn't support EDH key sizes larger than 1024 bits.
From https://bugzilla.redhat.com/show_bug.cgi?id=1035818#c41:
{quote}
The openjdk-1.7.0 as shipped in RHEL-6.6 beta doesn't support ECC (and by extension ECDHE), see https://bugzilla.redhat.com/show_bug.cgi?id=1121211 for details. That's why it doesn't negotiate ECDHE cipher suite and falls back to DHE even though the server does negotiate it with NSS or openssl clients.
{quote}
This wasn't a problem in prior versions of httpd because DHE keys larger than 1024 bits weren't being provided during handshake. The upcoming httpd offers larger DHE keys by default and would require obscure configuration changes to match the current behavior.
The httpd configuration shipped with OSE includes an SSLCipherSuite which prefers ECDHE and EDH ciphers over others (which may work with "old" JDK clients). Java clients tell httpd that they can use EDH, but the maximum keysize either can't be or isn't specified during handshake, leading to the issue at hand.
was (Author: adietish):
*Why is this happening?*
The current version of the JDK doesn't support DEH key sizes larger than 1024 bits.
From https://bugzilla.redhat.com/show_bug.cgi?id=1035818#c41:
{quote}
The openjdk-1.7.0 as shipped in RHEL-6.6 beta doesn't support ECC (and by extension ECDHE), see https://bugzilla.redhat.com/show_bug.cgi?id=1121211 for details. That's why it doesn't negotiate ECDHE cipher suite and falls back to DHE even though the server does negotiate it with NSS or openssl clients.
{quote}
This wasn't a problem in prior versions of httpd because DHE keys larger than 1024 bits weren't being provided during handshake. The upcoming httpd offers larger DHE keys by default and would require obscure configuration changes to match the current behavior.
The httpd configuration shipped with OSE includes an SSLCipherSuite which prefers ECDHE and EDH ciphers over others (which may work with "old" JDK clients). Java clients tell httpd that they can use EDH, but the maximum keysize either can't be or isn't specified during handshake, leading to the issue at hand.
> Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: JBIDE-18454
> URL: https://issues.jboss.org/browse/JBIDE-18454
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: openshift
> Affects Versions: 4.2.0.CR1
> Reporter: Andre Dietisheim
> Priority: Blocker
>
> In https://bugzilla.redhat.com/show_bug.cgi?id=1145848 openshift-java-client cant connect to OpenShift running on RHEL 6.6 when using openjdk. We have to verify that this affects the Eclipse based tooling (that's also using openshift-java-client)
> {code}
> java.io.IOException: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> at hudson.plugins.openshift.OpenShiftCloud.getOpenShiftConnection(OpenShiftCloud.java:186)
> at hudson.plugins.openshift.OpenShiftCloud.getSlaves(OpenShiftCloud.java:877)
> at hudson.plugins.openshift.OpenShiftCloud.provisionSlave(OpenShiftCloud.java:451)
> at hudson.plugins.openshift.OpenShiftCloud.provision(OpenShiftCloud.java:413)
> at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:281)
> at hudson.slaves.NodeProvisioner.access$000(NodeProvisioner.java:51)
> at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:368)
> at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:54)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> {code}
[JBoss JIRA] (JBIDE-18454) Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
by Andre Dietisheim (JIRA)
[ https://issues.jboss.org/browse/JBIDE-18454?page=com.atlassian.jira.plugi... ]
Andre Dietisheim edited comment on JBIDE-18454 at 9/30/14 8:31 AM:
-------------------------------------------------------------------
*Why is this happening?*
The current version of the JDK doesn't support DEH key sizes larger than 1024 bits.
From https://bugzilla.redhat.com/show_bug.cgi?id=1035818#c41:
{quote}
The openjdk-1.7.0 as shipped in RHEL-6.6 beta doesn't support ECC (and by extension ECDHE), see https://bugzilla.redhat.com/show_bug.cgi?id=1121211 for details. That's why it doesn't negotiate ECDHE cipher suite and falls back to DHE even though the server does negotiate it with NSS or openssl clients.
{quote}
This wasn't a problem in prior versions of httpd because DHE keys larger than 1024 bits weren't being provided during handshake. The upcoming httpd offers larger DHE keys by default and would require obscure configuration changes to match the current behavior.
The httpd configuration shipped with OSE includes an SSLCipherSuite which prefers ECDHE and EDH ciphers over others (which may work with "old" JDK clients). Java clients tell httpd that they can use EDH, but the maximum keysize either can't be or isn't specified during handshake, leading to the issue at hand.
was (Author: adietish):
*Why is this happening?*
The current version of the JDK doesn't support DEH key sizes larger than 1024 bits.
From https://bugzilla.redhat.com/show_bug.cgi?id=1035818#c41:
{quote}
The openjdk-1.7.0 as shipped in RHEL-6.6 beta doesn't support ECC (and by extension ECDHE), see bug 1121211 for details. That's why it doesn't negotiate ECDHE cipher suite and falls back to DHE even though the server does negotiate it with NSS or openssl clients.
{quote}
This wasn't a problem in prior versions of httpd because DHE keys larger than 1024 bits weren't being provided during handshake. The upcoming httpd offers larger DHE keys by default and would require obscure configuration changes to match the current behavior.
The httpd configuration shipped with OSE includes an SSLCipherSuite which prefers ECDHE and EDH ciphers over others (which may work with "old" JDK clients). Java clients tell httpd that they can use EDH, but the maximum keysize either can't be or isn't specified during handshake, leading to the issue at hand.
> Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: JBIDE-18454
> URL: https://issues.jboss.org/browse/JBIDE-18454
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: openshift
> Affects Versions: 4.2.0.CR1
> Reporter: Andre Dietisheim
> Priority: Blocker
>
> In https://bugzilla.redhat.com/show_bug.cgi?id=1145848 openshift-java-client cant connect to OpenShift running on RHEL 6.6 when using openjdk. We have to verify that this affects the Eclipse based tooling (that's also using openshift-java-client)
> {code}
> java.io.IOException: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> at hudson.plugins.openshift.OpenShiftCloud.getOpenShiftConnection(OpenShiftCloud.java:186)
> at hudson.plugins.openshift.OpenShiftCloud.getSlaves(OpenShiftCloud.java:877)
> at hudson.plugins.openshift.OpenShiftCloud.provisionSlave(OpenShiftCloud.java:451)
> at hudson.plugins.openshift.OpenShiftCloud.provision(OpenShiftCloud.java:413)
> at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:281)
> at hudson.slaves.NodeProvisioner.access$000(NodeProvisioner.java:51)
> at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:368)
> at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:54)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> {code}
[JBoss JIRA] (JBIDE-18454) Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
by Andre Dietisheim (JIRA)
[ https://issues.jboss.org/browse/JBIDE-18454?page=com.atlassian.jira.plugi... ]
Andre Dietisheim edited comment on JBIDE-18454 at 9/30/14 8:30 AM:
-------------------------------------------------------------------
*Why is this happening?*
The current version of the JDK doesn't support DEH key sizes larger than 1024 bits.
From https://bugzilla.redhat.com/show_bug.cgi?id=1035818#c41:
{quote}
The openjdk-1.7.0 as shipped in RHEL-6.6 beta doesn't support ECC (and by extension ECDHE), see bug 1121211 for details. That's why it doesn't negotiate ECDHE cipher suite and falls back to DHE even though the server does negotiate it with NSS or openssl clients.
{quote}
This wasn't a problem in prior versions of httpd because DHE keys larger than 1024 bits weren't being provided during handshake. The upcoming httpd offers larger DHE keys by default and would require obscure configuration changes to match the current behavior.
The httpd configuration shipped with OSE includes an SSLCipherSuite which prefers ECDHE and EDH ciphers over others (which may work with "old" JDK clients). Java clients tell httpd that they can use EDH, but the maximum keysize either can't be or isn't specified during handshake, leading to the issue at hand.
was (Author: adietish):
*Why is this happening?*
The current version of the JDK doesn't support EDH key sizes larger than 1024 bits.
From https://bugzilla.redhat.com/show_bug.cgi?id=1035818#c41:
The openjdk-1.7.0 as shipped in RHEL-6.6 beta doesn't support ECC (and by extension ECDHE), see bug 1121211 for details. That's why it doesn't negotiate ECDHE cipher suite and falls back to DHE even though the server does negotiate it with NSS or openssl clients.
This wasn't a problem in prior versions of httpd because DHE keys larger than 1024 bits weren't being provided during handshake. The upcoming httpd offers larger DHE keys by default and would require obscure configuration changes to match the current behavior.
The httpd configuration shipped with OSE includes an SSLCipherSuite which prefers ECDHE and EDH ciphers over others (which may work with "old" JDK clients). Java clients tell httpd that they can use EDH, but the maximum keysize either can't be or isn't specified during handshake, leading to the issue at hand.
> Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: JBIDE-18454
> URL: https://issues.jboss.org/browse/JBIDE-18454
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: openshift
> Affects Versions: 4.2.0.CR1
> Reporter: Andre Dietisheim
> Priority: Blocker
>
> In https://bugzilla.redhat.com/show_bug.cgi?id=1145848 openshift-java-client cant connect to OpenShift running on RHEL 6.6 when using openjdk. We have to verify that this affects the Eclipse based tooling (that's also using openshift-java-client)
> {code}
> java.io.IOException: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> at hudson.plugins.openshift.OpenShiftCloud.getOpenShiftConnection(OpenShiftCloud.java:186)
> at hudson.plugins.openshift.OpenShiftCloud.getSlaves(OpenShiftCloud.java:877)
> at hudson.plugins.openshift.OpenShiftCloud.provisionSlave(OpenShiftCloud.java:451)
> at hudson.plugins.openshift.OpenShiftCloud.provision(OpenShiftCloud.java:413)
> at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:281)
> at hudson.slaves.NodeProvisioner.access$000(NodeProvisioner.java:51)
> at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:368)
> at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:54)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> {code}
[JBoss JIRA] (JBIDE-18454) Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
by Andre Dietisheim (JIRA)
[ https://issues.jboss.org/browse/JBIDE-18454?page=com.atlassian.jira.plugi... ]
Andre Dietisheim edited comment on JBIDE-18454 at 9/30/14 8:29 AM:
-------------------------------------------------------------------
*Why is this happening?*
The current version of the JDK doesn't support EDH key sizes larger than 1024 bits.
From https://bugzilla.redhat.com/show_bug.cgi?id=1035818#c41:
The openjdk-1.7.0 as shipped in RHEL-6.6 beta doesn't support ECC (and by extension ECDHE), see bug 1121211 for details. That's why it doesn't negotiate ECDHE cipher suite and falls back to DHE even though the server does negotiate it with NSS or openssl clients.
This wasn't a problem in prior versions of httpd because DHE keys larger than 1024 bits weren't being provided during handshake. The upcoming httpd offers larger DHE keys by default and would require obscure configuration changes to match the current behavior.
The httpd configuration shipped with OSE includes an SSLCipherSuite which prefers ECDHE and EDH ciphers over others (which may work with "old" JDK clients). Java clients tell httpd that they can use EDH, but the maximum keysize either can't be or isn't specified during handshake, leading to the issue at hand.
was (Author: adietish):
Apparently the problem is lacking support for DHE keys < 1024 bits. In Sun jdk this was fixed in 2013 while openjdk is still not corrected.
In http://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-gi... the solution they found was to remove the *DHE* cypher and force using a different cypher.
> Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: JBIDE-18454
> URL: https://issues.jboss.org/browse/JBIDE-18454
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: openshift
> Affects Versions: 4.2.0.CR1
> Reporter: Andre Dietisheim
> Priority: Blocker
>
> In https://bugzilla.redhat.com/show_bug.cgi?id=1145848 openshift-java-client cant connect to OpenShift running on RHEL 6.6 when using openjdk. We have to verify that this affects the Eclipse based tooling (that's also using openshift-java-client)
> {code}
> java.io.IOException: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> at hudson.plugins.openshift.OpenShiftCloud.getOpenShiftConnection(OpenShiftCloud.java:186)
> at hudson.plugins.openshift.OpenShiftCloud.getSlaves(OpenShiftCloud.java:877)
> at hudson.plugins.openshift.OpenShiftCloud.provisionSlave(OpenShiftCloud.java:451)
> at hudson.plugins.openshift.OpenShiftCloud.provision(OpenShiftCloud.java:413)
> at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:281)
> at hudson.slaves.NodeProvisioner.access$000(NodeProvisioner.java:51)
> at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:368)
> at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:54)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> {code}
[JBoss JIRA] (JBIDE-18454) Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
by Andre Dietisheim (JIRA)
[ https://issues.jboss.org/browse/JBIDE-18454?page=com.atlassian.jira.plugi... ]
Andre Dietisheim edited comment on JBIDE-18454 at 9/30/14 8:19 AM:
-------------------------------------------------------------------
Apparently the problem is lacking support for DHE keys < 1024 bits. In Sun jdk this was fixed in 2013 while openjdk is still not corrected.
In http://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-gi... the solution they found was to remove the *DHE* cypher and force using a different cypher.
was (Author: adietish):
In http://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-gi... the solution they found was to remove the *DHE* cypher and force using a different cypher.
> Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: JBIDE-18454
> URL: https://issues.jboss.org/browse/JBIDE-18454
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: openshift
> Affects Versions: 4.2.0.CR1
> Reporter: Andre Dietisheim
> Priority: Blocker
>
> In https://bugzilla.redhat.com/show_bug.cgi?id=1145848 openshift-java-client cant connect to OpenShift running on RHEL 6.6 when using openjdk. We have to verify that this affects the Eclipse based tooling (that's also using openshift-java-client)
> {code}
> java.io.IOException: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> at hudson.plugins.openshift.OpenShiftCloud.getOpenShiftConnection(OpenShiftCloud.java:186)
> at hudson.plugins.openshift.OpenShiftCloud.getSlaves(OpenShiftCloud.java:877)
> at hudson.plugins.openshift.OpenShiftCloud.provisionSlave(OpenShiftCloud.java:451)
> at hudson.plugins.openshift.OpenShiftCloud.provision(OpenShiftCloud.java:413)
> at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:281)
> at hudson.slaves.NodeProvisioner.access$000(NodeProvisioner.java:51)
> at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:368)
> at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:54)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> {code}
[JBoss JIRA] (JBIDE-18454) Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
by Andre Dietisheim (JIRA)
[ https://issues.jboss.org/browse/JBIDE-18454?page=com.atlassian.jira.plugi... ]
Andre Dietisheim edited comment on JBIDE-18454 at 9/30/14 8:17 AM:
-------------------------------------------------------------------
In http://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-gi... the solution they found was to remove the *DHE* cypher and force using a different cypher.
was (Author: adietish):
In http://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-gi... the solution they found was to eclipse the *DHE* cypher and force using a different cypher.
> Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: JBIDE-18454
> URL: https://issues.jboss.org/browse/JBIDE-18454
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: openshift
> Affects Versions: 4.2.0.CR1
> Reporter: Andre Dietisheim
> Priority: Blocker
>
> In https://bugzilla.redhat.com/show_bug.cgi?id=1145848 openshift-java-client cant connect to OpenShift running on RHEL 6.6 when using openjdk. We have to verify that this affects the Eclipse based tooling (that's also using openshift-java-client)
> {code}
> java.io.IOException: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> at hudson.plugins.openshift.OpenShiftCloud.getOpenShiftConnection(OpenShiftCloud.java:186)
> at hudson.plugins.openshift.OpenShiftCloud.getSlaves(OpenShiftCloud.java:877)
> at hudson.plugins.openshift.OpenShiftCloud.provisionSlave(OpenShiftCloud.java:451)
> at hudson.plugins.openshift.OpenShiftCloud.provision(OpenShiftCloud.java:413)
> at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:281)
> at hudson.slaves.NodeProvisioner.access$000(NodeProvisioner.java:51)
> at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:368)
> at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:54)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
[JBoss JIRA] (JBIDE-18455) UI freeze when using server view on remote servers
by Max Rydahl Andersen (JIRA)
Max Rydahl Andersen created JBIDE-18455:
-------------------------------------------
Summary: UI freeze when using server view on remote servers
Key: JBIDE-18455
URL: https://issues.jboss.org/browse/JBIDE-18455
Project: Tools (JBoss Tools)
Issue Type: Bug
Components: server
Reporter: Max Rydahl Andersen
Priority: Critical
create a remote server
start it
Now, when trying to use the server view with this server, things freeze for several seconds.
The stack trace shows it is blocking the main thread.
full jstacktrace here: https://gist.github.com/maxandersen/51575583ba5877eb48ec
important part here:
{code}
"main" prio=5 tid=0x0000000102870000 nid=0x513 in Object.wait() [0x00007fff5fbf9000]
java.lang.Thread.State: TIMED_WAITING (on object monitor)
at java.lang.Object.wait(Native Method)
- waiting on <0x00000007f492b908> (a java.lang.Object)
at org.xnio.AbstractIoFuture.await(AbstractIoFuture.java:101)
- locked <0x00000007f492b908> (a java.lang.Object)
at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:101)
at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:256)
at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:70)
- locked <0x00000007f492a9a0> (a org.jboss.as.protocol.ProtocolConnectionManager)
at org.jboss.as.protocol.mgmt.FutureManagementChannel$Establishing.getChannel(FutureManagementChannel.java:176)
at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:144)
- locked <0x00000007f491a368> (a org.jboss.as.controller.client.impl.RemotingModelControllerClient)
at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:65)
at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:115)
at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:98)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:236)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:141)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:127)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:71)
at org.jboss.ide.eclipse.as.internal.management.as71.AS71Manager.execute(AS71Manager.java:325)
at org.jboss.ide.eclipse.as.internal.management.as71.AS71Manager.getServerState(AS71Manager.java:266)
at org.jboss.ide.eclipse.as.internal.management.as71.JBoss71ManagerService.getServerState(JBoss71ManagerService.java:142)
at org.jboss.ide.eclipse.as.management.core.JBoss7ManagerServiceProxy.getServerState(JBoss7ManagerServiceProxy.java:71)
at org.jboss.tools.as.core.server.controllable.subsystems.internal.ManagementPublishController.isRunning(ManagementPublishController.java:112)
at org.jboss.tools.as.core.server.controllable.subsystems.internal.ManagementPublishController.canPublish(ManagementPublishController.java:124)
at org.jboss.ide.eclipse.as.wtp.core.server.behavior.ControllableServerBehavior.canPublish(ControllableServerBehavior.java:297)
at org.eclipse.wst.server.core.internal.Server.canPublish(Server.java:1215)
at org.eclipse.wst.server.ui.internal.view.servers.PublishAction.accept(PublishAction.java:40)
at org.eclipse.wst.server.ui.internal.view.servers.AbstractServerAction.selectionChanged(AbstractServerAction.java:85)
at org.eclipse.ui.actions.SelectionProviderAction.selectionChanged(SelectionProviderAction.java:144)
at org.eclipse.jface.viewers.Viewer$2.run(Viewer.java:163)
{code}
[JBoss JIRA] (JBIDE-18454) Cant connect to OpenShift running on RHEL 6.6 when using openjdk (javax.net.ssl.SSLException: Could not generate DH keypair)
by Andre Dietisheim (JIRA)
[ https://issues.jboss.org/browse/JBIDE-18454?page=com.atlassian.jira.plugi... ]
Andre Dietisheim commented on JBIDE-18454:
------------------------------------------
In http://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-gi... the solution they found was to eclipse the *DHE* cypher and force using a different cypher.