自昨天在我的AWS机器上进行Linux更新以来,我无法再连接到HTTPS站点。运行我的Groovy(Java)脚本时出现以下错误:
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1842)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1825)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1346)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:439)
at org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:424)
at org.jsoup.helper.HttpConnection.execute(HttpConnection.java:178)
at org.jsoup.helper.HttpConnection.get(HttpConnection.java:167)
at org.jsoup.Connection$get$1.call(Unknown Source)
at SiteConnector.run(SiteConnector.groovy:59)
at groovy.lang.GroovyShell.runScriptOrMainOrTestOrRunnable(GroovyShell.java:258)
at groovy.lang.GroovyShell.run(GroovyShell.java:502)
at groovy.lang.GroovyShell.run(GroovyShell.java:491)
at groovy.ui.GroovyMain.processOnce(GroovyMain.java:650)
at groovy.ui.GroovyMain.run(GroovyMain.java:381)
at groovy.ui.GroovyMain.process(GroovyMain.java:367)
at groovy.ui.GroovyMain.processArgs(GroovyMain.java:126)
at groovy.ui.GroovyMain.main(GroovyMain.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.codehaus.groovy.tools.GroovyStarter.rootLoader(GroovyStarter.java:106)
at org.codehaus.groovy.tools.GroovyStarter.main(GroovyStarter.java:128)
Caused by: java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:136)
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:621)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:205)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
... 24 more
Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:120)
at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:658)
at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:127)
... 31 more
我认为亚马逊Linux对Java版本(1.7.0_65)有一个新的依赖性,我有这个错误 - 我如何解决它(https://stackoverflow.com/a/16687105/438001提到Java版本中的问题)?什么是没有此问题的Java版本以及如何在AWS上安装它(什么是解决依赖关系的正确存储库 - Amazon Linux仅向我显示要与yum一起安装的当前Java版本。)
如果Java版本不是问题,我怎样才能让以下行再次运行(顺便说一句,这是堆栈跟踪中提到的第59行):
Jsoup.connect(httpsURL).userAgent(USER_AGENT).timeout(TIMEOUT).get()
非常感谢, 约尔格
答案 0 :(得分:1)
最后,我的解决方案是基于这些instructions安装Java 8(jdk-8u20-linux-x64.tar.gz) - 正如@owlstead所提到的,至少Java 8可以支持加密。我不确定是否由于AWS linux机器的更新而发生问题,或者我尝试联系的网站是否更新了他们的加密方法(那时与Java 7的加密技术不兼容)。
答案 1 :(得分:0)
如果你的情况与我的情况一样,由于某种原因,你无法将java升级到java 8,对我有用的是udpdating java 7,然后升级NSS。我正在运行centos 6.5,它有相同的java版本,1.7.0_65。
它已更新为java verion 1.7.0_85,为了升级nss,我运行了&#34; sudo yum upgrade nss&#34;,然后一切正常。
在此blog中获得解决方案。我希望这有助于将来的某些人。