[jbosstools-issues] [JBoss JIRA] (JBIDE-18454) Cant connect to OpenShift running on RHEL 6.6 (javax.net.ssl.SSLException: Could not generate DH keypair)
Andre Dietisheim (JIRA)
issues at jboss.org
Tue Sep 30 15:11:03 EDT 2014
[ https://issues.jboss.org/browse/JBIDE-18454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13007466#comment-13007466 ]
Andre Dietisheim edited comment on JBIDE-18454 at 9/30/14 3:10 PM:
-------------------------------------------------------------------
In a POC the following seems to work for me (not tested extensively yet):
{code}
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Fragment from inside a method: socketFactory (the SSLSocketFactory being wrapped)
// and connection are defined by the surrounding code, which is not shown.
SSLSocketFactory wrappingSocketFactory = new SSLSocketFactory() {
    // These four overloads delegate unchanged; only the layered-socket
    // overload at the bottom filters the cipher suites.
    @Override
    public Socket createSocket(InetAddress arg0, int arg1, InetAddress arg2, int arg3) throws IOException {
        return socketFactory.createSocket(arg0, arg1, arg2, arg3);
    }
    @Override
    public Socket createSocket(String arg0, int arg1, InetAddress arg2, int arg3) throws IOException,
            UnknownHostException {
        return socketFactory.createSocket(arg0, arg1, arg2, arg3);
    }
    @Override
    public Socket createSocket(InetAddress arg0, int arg1) throws IOException {
        return socketFactory.createSocket(arg0, arg1);
    }
    @Override
    public Socket createSocket(String arg0, int arg1) throws IOException, UnknownHostException {
        return socketFactory.createSocket(arg0, arg1);
    }
    // Not implemented in this POC.
    @Override
    public String[] getSupportedCipherSuites() {
        return null;
    }
    // Not implemented in this POC.
    @Override
    public String[] getDefaultCipherSuites() {
        return null;
    }
    @Override
    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        SSLSocket socket = (SSLSocket) socketFactory.createSocket(s, host, port, autoClose);
        // Keep every enabled suite except those whose name contains "_DHE_".
        List<String> ciphers = new ArrayList<String>();
        for (String cipher : socket.getEnabledCipherSuites()) {
            if (!cipher.contains("_DHE_")) {
                ciphers.add(cipher);
            }
        }
        socket.setEnabledCipherSuites(ciphers.toArray(new String[ciphers.size()]));
        return socket;
    }
};
((HttpsURLConnection) connection).setSSLSocketFactory(wrappingSocketFactory);
{code}
I don't know yet why *#getSupportedCipherSuites* is never called in my current testing (my initial idea was to have them returning all but the _DHE_ ciphers from the wrapped socket factory).
> Cant connect to OpenShift running on RHEL 6.6 (javax.net.ssl.SSLException: Could not generate DH keypair)
> ---------------------------------------------------------------------------------------------------------
>
> Key: JBIDE-18454
> URL: https://issues.jboss.org/browse/JBIDE-18454
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: openshift
> Affects Versions: 4.2.0.CR1
> Reporter: Andre Dietisheim
> Assignee: Andre Dietisheim
> Priority: Blocker
> Fix For: 4.2.0.CR2
>
> Attachments: ssl-error-on-connect.png
>
>
> In https://bugzilla.redhat.com/show_bug.cgi?id=1145848 openshift-java-client can't connect to OpenShift running on RHEL 6.6 when using openjdk. We have to verify that this affects the Eclipse-based tooling (that's also using openshift-java-client).
> {code}
> java.io.IOException: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> at hudson.plugins.openshift.OpenShiftCloud.getOpenShiftConnection(OpenShiftCloud.java:186)
> at hudson.plugins.openshift.OpenShiftCloud.getSlaves(OpenShiftCloud.java:877)
> at hudson.plugins.openshift.OpenShiftCloud.provisionSlave(OpenShiftCloud.java:451)
> at hudson.plugins.openshift.OpenShiftCloud.provision(OpenShiftCloud.java:413)
> at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:281)
> at hudson.slaves.NodeProvisioner.access$000(NodeProvisioner.java:51)
> at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:368)
> at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:54)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
> {code}