Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] SSL on download URL

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] SSL on download URL


Chronological Thread 
  • From: Christopher Bongaarts <>
  • To: "Hyzer, Chris" <>, " Mailing List" <>
  • Subject: Re: [grouper-users] SSL on download URL
  • Date: Fri, 4 Nov 2016 12:12:37 -0500
  • Ironport-phdr: 9a23:hwDmZhJG2TnbPkD1hNmcpTZWNBhigK39O0sv0rFitYgVKPnxwZ3uMQTl6Ol3ixeRBMOAuqgC27ud4vCocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXsq3G/pQQfBg/4fVIsYL+kQMiC3o/mh6ibwN76W01wnj2zYLd/fl2djD76kY0ou7ZkMbs70RDTo3FFKKx8zGJsIk+PzV6nvp/jtM0rzyMF8dIw5cNaFe3Rf745VvYQWDEtM3En6dfDtALICxaX630aFGgaj0wMS0LK9hbnRprr9zbhu/Bm8CicIcDsS70oA3Kv47ojbRbpjCYBOHYd8XrLwIQkg7hcvQqsvVli2IPOe6mUMuZzZKXQYYlcSGZcCJV/TStEV6i8dYoUE+0ZPetC56P6oVQHpAGiHkH4D+rl4iJNgDn70bBsgLdpKh3PwAF1R4FGi3/TttigbKo=
  • Organization: University of Minnesota

You might be able to work around this by limiting the cipher selection to eliminate non-ephermal DH ciphers.  You might be able to set a system property on the java command line to do this.


On 11/4/2016 10:30 AM, Hyzer, Chris wrote:

Internet2 tech support just put a valid cert on https://software.internet2.edu, which is where downloads, patches, etc are hosted.

 

Previously the installer ran from http://software.internet2.edu.

 

However, when I change this URL in the installer, it does not run in Java6 anymore.  You get the stack below.

 

I think we should switch to SSL for downloads and patches.  Is anyone opposed to the installer not working in Java6 anymore?  Note, Im not talking running grouper, im just talking about running the installer.  If anyone has a script that auto-patches, and they use Java6, it will break until the switch to java7 or 8…

 

Let me know

Thanks

Chris

 

Ps. note, unless there is a trivial fix I don’t want to put in a lot of effort to make this SSL work with out of the box java6…

 

Pps. Heres the stack I get…

 

Error connecting to URL: https://software.internet2.edu/grouper/release/2.3.0/grouper.apiBinary-2.3.0.tar.gz

Exception in thread "main" java.lang.RuntimeException: Error connecting to URL: https://software.internet2.edu/grouper/release/2.3.0/grouper.apiBinary-2.3.0.tar.gz,

java.lang.RuntimeException: caller stack

        at edu.internet2.middleware.grouperInstaller.util.GrouperInstallerUtils.threadRunWithStatusDots(GrouperInstallerUtils.java:8334)

        at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFile(GrouperInstaller.java:294)

        at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFile(GrouperInstaller.java:253)

        at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadApi(GrouperInstaller.java:7916)

        at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadAndConfigureApi(GrouperInstaller.java:6823)

        at edu.internet2.middleware.grouperInstaller.GrouperInstaller.mainInstallLogic(GrouperInstaller.java:6430)

        at edu.internet2.middleware.grouperInstaller.GrouperInstaller.access$300(GrouperInstaller.java:80)

        at edu.internet2.middleware.grouperInstaller.GrouperInstaller$GrouperInstallerMainFunction$1.logic(GrouperInstaller.java:1081)

        at edu.internet2.middleware.grouperInstaller.GrouperInstaller.mainLogic(GrouperInstaller.java:1143)

        at edu.internet2.middleware.grouperInstaller.GrouperInstaller.main(GrouperInstaller.java:414)

 

        at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFileHelper(GrouperInstaller.java:404)

        at edu.internet2.middleware.grouperInstaller.GrouperInstaller.access$000(GrouperInstaller.java:80)

        at edu.internet2.middleware.grouperInstaller.GrouperInstaller$1.run(GrouperInstaller.java:290)

        at edu.internet2.middleware.grouperInstaller.util.GrouperInstallerUtils$1.run(GrouperInstallerUtils.java:8281)

        at java.lang.Thread.run(Thread.java:662)

Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair

        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)

        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)

        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1612)

        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1595)

        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1521)

        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64)

        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)

        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)

        at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:843)

        at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2131)

        at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1111)

        at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:413)

        at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:186)

        at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:412)

        at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:338)

        at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFileHelper(GrouperInstaller.java:367)

        ... 4 more

Caused by: java.lang.RuntimeException: Could not generate DH keypair

        at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:106)

        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:556)

        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:183)

        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)

        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)

        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)

        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)

        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)

        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)

        ... 14 more

Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)

        at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DashoA13*..)

        at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:627)

        at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:100)

        ... 22 more


-- 
%%  Christopher A. Bongaarts   %%            %%
%%  OIT - Identity Management  %%  http://umn.edu/~cab  %%
%%  University of Minnesota    %%  +1 (612) 625-1809    %%



Archive powered by MHonArc 2.6.19.

Top of Page