grouper-users - Re: [grouper-users] SSL on download URL
Subject: Grouper Users - Open Discussion List
- From: Andrew Morgan <>
- To: David Langenberg <>
- Cc: "Hyzer, Chris" <>, " Mailing List" <>
- Subject: Re: [grouper-users] SSL on download URL
- Date: Fri, 4 Nov 2016 10:46:38 -0700 (PDT)
This!
We are running into this same problem with some of our vendors (and sadly, our internal applications) that are unable to connect to our LDAP service after upgrading to use DH keys > 1024 bits. Java6 SSL clients offer DH ciphers to the server, but they can't handle them when the server picks a DH-capable cipher and uses a longer key. I'm aggressively moving these Java6 applications to Java7. We're not going to be held back from upgrading by software which hasn't been publicly supported by the vendor for almost 3 years.
My vote - stop supporting Java6.
Andy
On Fri, 4 Nov 2016, David Langenberg wrote:
Java 6 went EOL back in 2013. I think it’s fair to say you shouldn’t be
running latest Grouper with it.
Dave
--
David Langenberg
Asst Director, Identity Management
The University of Chicago
From: <> on behalf of Chris Hyzer <>
Date: Friday, November 4, 2016 at 10:30 AM
To: " Mailing List" <>
Subject: [grouper-users] SSL on download URL
Internet2 tech support just put a valid cert on
https://software.internet2.edu, which is where downloads, patches, etc. are
hosted.
Previously the installer ran from http://software.internet2.edu.
However, when I change this URL in the installer, it does not run in Java6
anymore. You get the stack below.
I think we should switch to SSL for downloads and patches. Is anyone opposed
to the installer not working in Java6 anymore? Note, I'm not talking running
grouper, I'm just talking about running the installer. If anyone has a script
that auto-patches, and they use Java6, it will break until the switch to
java7 or 8…
Let me know
Thanks
Chris
Ps. note, unless there is a trivial fix I don’t want to put in a lot of
effort to make this SSL work with out of the box java6…
Pps. Here's the stack I get…
Error connecting to URL: https://software.internet2.edu/grouper/release/2.3.0/grouper.apiBinary-2.3.0.tar.gz
Exception in thread "main" java.lang.RuntimeException: Error connecting to URL: https://software.internet2.edu/grouper/release/2.3.0/grouper.apiBinary-2.3.0.tar.gz, java.lang.RuntimeException: caller stack
    at edu.internet2.middleware.grouperInstaller.util.GrouperInstallerUtils.threadRunWithStatusDots(GrouperInstallerUtils.java:8334)
    at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFile(GrouperInstaller.java:294)
    at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFile(GrouperInstaller.java:253)
    at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadApi(GrouperInstaller.java:7916)
    at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadAndConfigureApi(GrouperInstaller.java:6823)
    at edu.internet2.middleware.grouperInstaller.GrouperInstaller.mainInstallLogic(GrouperInstaller.java:6430)
    at edu.internet2.middleware.grouperInstaller.GrouperInstaller.access$300(GrouperInstaller.java:80)
    at edu.internet2.middleware.grouperInstaller.GrouperInstaller$GrouperInstallerMainFunction$1.logic(GrouperInstaller.java:1081)
    at edu.internet2.middleware.grouperInstaller.GrouperInstaller.mainLogic(GrouperInstaller.java:1143)
    at edu.internet2.middleware.grouperInstaller.GrouperInstaller.main(GrouperInstaller.java:414)
    at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFileHelper(GrouperInstaller.java:404)
    at edu.internet2.middleware.grouperInstaller.GrouperInstaller.access$000(GrouperInstaller.java:80)
    at edu.internet2.middleware.grouperInstaller.GrouperInstaller$1.run(GrouperInstaller.java:290)
    at edu.internet2.middleware.grouperInstaller.util.GrouperInstallerUtils$1.run(GrouperInstallerUtils.java:8281)
    at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1612)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1595)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1521)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:843)
    at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2131)
    at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1111)
    at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:413)
    at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:186)
    at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:412)
    at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:338)
    at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFileHelper(GrouperInstaller.java:367)
    ... 4 more
Caused by: java.lang.RuntimeException: Could not generate DH keypair
    at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:106)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:556)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:183)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    ... 14 more
Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
    at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DashoA13*..)
    at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:627)
    at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:100)
    ... 22 more
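
Added example, not part of the original thread or of the Grouper installer: a small Java probe for the failure discussed above, where a client offers DHE cipher suites but its JRE cannot set up a DH key pair for a prime larger than 1024 bits. The class name `DhClientProbe` is hypothetical; the probe only inspects the local JRE, makes no network connection, and is written to compile on Java 6.

```java
import java.security.InvalidParameterException;
import java.security.KeyPairGenerator;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLSocketFactory;

/** Added diagnostic (hypothetical class name); avoids language features newer than Java 6. */
public class DhClientProbe {

    /** True if the first DH key pair generator in provider order accepts this prime size. */
    static boolean dhSizeSupported(int bits) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        try {
            kpg.initialize(bits); // size check only; no key pair is generated
            return true;
        } catch (InvalidParameterException e) {
            return false; // same size limit that surfaces as "Could not generate DH keypair"
        }
    }

    /** Finite-field DHE suites that a default client socket would offer to a server. */
    static List<String> offeredDheSuites() {
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        List<String> dhe = new ArrayList<String>();
        for (String suite : f.getDefaultCipherSuites()) {
            // ECDHE suites do not go through the DH key pair generator
            if (suite.contains("_DHE_") && !suite.contains("ECDHE")) {
                dhe.add(suite);
            }
        }
        return dhe;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        boolean dh2048 = dhSizeSupported(2048);
        System.out.println("DH 1024-bit supported: " + dhSizeSupported(1024));
        System.out.println("DH 2048-bit supported: " + dh2048);
        List<String> dhe = offeredDheSuites();
        System.out.println("DHE suites offered by default: " + dhe);
        if (!dh2048 && !dhe.isEmpty()) {
            System.out.println("At risk: this client offers DHE suites but cannot "
                + "complete a handshake if the server selects one with a prime > 1024 bits.");
        }
    }
}
```

Run it with the same `java` binary that launches the affected client, since the result depends on that JRE's providers and default cipher suite list.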