我有第一个应用女巫是胖客户端应用,在 Windows 7 下运行,其中jdk版本为 1.7.0_79 ,尝试使用 https 连接访问网站 php nginx 应用资源。我首先得到以下错误:
Caused by: java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:136)
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:688)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:261)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
... 48 more
Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:120)
at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:658)
at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:127)
... 55 more
从我阅读的帖子和我的理解,到java 7安全性和更早版本中对证书长度的限制。我尝试使用java JCE提供程序(复制 localpolicy和US_export_policy jar )但仍然遇到同样的错误。然后我按照此处所述进行更新后发现了BouncyCastle JCE提供程序(bcprov-jdk16-1.45.jar):https://docs.oracle.com/cd/E19830-01/819-4712/ablsc/index.html,出现了新错误:
Caused by: javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: 64
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1862)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1845)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1366)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
...
Caused by: java.lang.ArrayIndexOutOfBoundsException: 64
at com.sun.crypto.provider.TlsPrfGenerator.expand(TlsPrfGenerator.java:275)
at com.sun.crypto.provider.TlsPrfGenerator.doTLS10PRF(TlsPrfGenerator.java:247)
at com.sun.crypto.provider.TlsPrfGenerator.doTLS10PRF(TlsPrfGenerator.java:219)
at com.sun.crypto.provider.TlsMasterSecretGenerator.engineGenerateKey(TlsMasterSecretGenerator.java:108)
at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:530)
at sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1086)
at sun.security.ssl.Handshaker.calculateKeys(Handshaker.java:1032)
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1011)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:341)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
... 48 more
我看过一些有关此错误的帖子,但无法找出问题的原因,也无法解决问题。请注意,使用jdk1.8.0_45它可以正常工作,但我们无法迁移到版本8.任何想法?
更新 我们安装了另一个访问相同资源并在服务器中运行 jdk 1.7.0_95 的网络应用,但不知道从哪里下载该版本。