grouper-users - RE: [grouper-users] SSL on download URL
Subject: Grouper Users - Open Discussion List
List archive
- From: "Hyzer, Chris" <>
- To: Andrew Morgan <>, David Langenberg <>
- Cc: " Mailing List" <>
- Subject: RE: [grouper-users] SSL on download URL
- Date: Sat, 5 Nov 2016 18:51:49 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:SoR8TR2YHuTTJf7JsmDT+DRfVm0co7zxezQtwd8ZsekXKvad9pjvdHbS+e9qxAeQG96KsbQV0qGP6v+ocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXsq3G/pQQfBg/4fVIsYL+kQMiD1o/ujr/60qaQSj0AvCC6b7J2IUf+hiTqne5Sv7FfLL0swADCuHpCdrce72ppIVWOg0S0vZ/or9ZLuh5dsPM59sNGTb6yP+FhFeQZX3waNDUc4sHxuAaLaAyV6XIaGjETlQBHCg7t6wvhQtH8vjas8qJR0TebMYXSRLY7VDKo4r1kAEvkgTkKMxYk+2HWgcV/i+RWrA/39DJlxIuBKqGEJvdkOuv2fckbXiAJCsNaVz1TD5mUbpAESfcZMOBe6YTxug1d/lOFGQCwCba3mXdzjXjs0Ph/irx5HA==
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Ok, this is fixed, use java 7+ with the installer from now on please
https://bugs.internet2.edu/jira/browse/GRP-1406
Thanks
Chris
-----Original Message-----
From: Andrew Morgan
[mailto:]
Sent: Friday, November 04, 2016 1:47 PM
To: David Langenberg
<>
Cc: Hyzer, Chris
<>;
Mailing List
<>
Subject: Re: [grouper-users] SSL on download URL
This!
We are running into this same problem with some of our vendors (and sadly,
our internal applications) that are unable to connect to our LDAP service
after upgrading to use DH keys > 1024bit. Java6 SSL clients offer DH
ciphers to the server, but they can't handle them when the server picks a
DH-capable cipher and uses a longer key. I'm agressively moving these
Java6 applications to Java7. We're not going to be held back from
upgrading by software which hasn't been publicly supported by the vendor
for almost 3 years.
My vote - stop supporting Java6.
Andy
On Fri, 4 Nov 2016, David Langenberg wrote:
> Java 6 went EOL back in 2013. I think it’s fair to say you shouldn’t be
> running latest Grouper with it.
>
>
> Dave
>
>
>
> --
>
> David Langenberg
>
> Asst Director, Identity Management
>
> The University of Chicago
>
>
>
> From:
> <>
> on behalf of Chris Hyzer
> <>
> Date: Friday, November 4, 2016 at 10:30 AM
> To:
> "
> Mailing List"
> <>
> Subject: [grouper-users] SSL on download URL
>
>
>
> Internet2 tech support just put a valid cert on
> https://software.internet2.edu, which is where downloads, patches, etc are
> hosted.
>
>
>
> Previously the installer ran from http://software.internet2.edu.
>
>
>
> However, when I change this URL in the installer, it does not run in Java6
> anymore. You get the stack below.
>
>
>
> I think we should switch to SSL for downloads and patches. Is anyone
> opposed to the installer not working in Java6 anymore? Note, Im not
> talking running grouper, im just talking about running the installer. If
> anyone has a script that auto-patches, and they use Java6, it will break
> until the switch to java7 or 8…
>
>
>
> Let me know
>
> Thanks
>
> Chris
>
>
>
> Ps. note, unless there is a trivial fix I don’t want to put in a lot of
> effort to make this SSL work with out of the box java6…
>
>
>
> Pps. Heres the stack I get…
>
>
>
> Error connecting to URL:
> https://software.internet2.edu/grouper/release/2.3.0/grouper.apiBinary-2.3.0.tar.gz
>
> Exception in thread "main" java.lang.RuntimeException: Error connecting to
> URL:
> https://software.internet2.edu/grouper/release/2.3.0/grouper.apiBinary-2.3.0.tar.gz,
>
> java.lang.RuntimeException: caller stack
>
> at
> edu.internet2.middleware.grouperInstaller.util.GrouperInstallerUtils.threadRunWithStatusDots(GrouperInstallerUtils.java:8334)
>
> at
> edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFile(GrouperInstaller.java:294)
>
> at
> edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFile(GrouperInstaller.java:253)
>
> at
> edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadApi(GrouperInstaller.java:7916)
>
> at
> edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadAndConfigureApi(GrouperInstaller.java:6823)
>
> at
> edu.internet2.middleware.grouperInstaller.GrouperInstaller.mainInstallLogic(GrouperInstaller.java:6430)
>
> at
> edu.internet2.middleware.grouperInstaller.GrouperInstaller.access$300(GrouperInstaller.java:80)
>
> at
> edu.internet2.middleware.grouperInstaller.GrouperInstaller$GrouperInstallerMainFunction$1.logic(GrouperInstaller.java:1081)
>
> at
> edu.internet2.middleware.grouperInstaller.GrouperInstaller.mainLogic(GrouperInstaller.java:1143)
>
> at
> edu.internet2.middleware.grouperInstaller.GrouperInstaller.main(GrouperInstaller.java:414)
>
>
>
> at
> edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFileHelper(GrouperInstaller.java:404)
>
> at
> edu.internet2.middleware.grouperInstaller.GrouperInstaller.access$000(GrouperInstaller.java:80)
>
> at
> edu.internet2.middleware.grouperInstaller.GrouperInstaller$1.run(GrouperInstaller.java:290)
>
> at
> edu.internet2.middleware.grouperInstaller.util.GrouperInstallerUtils$1.run(GrouperInstallerUtils.java:8281)
>
> at java.lang.Thread.run(Thread.java:662)
>
> Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could
> not generate DH keypair
>
> at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
>
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
>
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1612)
>
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1595)
>
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1521)
>
> at
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64)
>
> at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>
> at
> edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:843)
>
> at
> edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2131)
>
> at
> edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1111)
>
> at
> edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:413)
>
> at
> edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:186)
>
> at
> edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:412)
>
> at
> edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:338)
>
> at
> edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFileHelper(GrouperInstaller.java:367)
>
> ... 4 more
>
> Caused by: java.lang.RuntimeException: Could not generate DH keypair
>
> at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:106)
>
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:556)
>
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:183)
>
> at
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
>
> at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
>
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
>
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
>
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
>
> at
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
>
> ... 14 more
>
> Caused by: java.security.InvalidAlgorithmParameterException: Prime size
> must be multiple of 64, and can only range from 512 to 1024 (inclusive)
>
> at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DashoA13*..)
>
> at
> java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:627)
>
> at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:100)
>
> ... 22 more
>
>
- [grouper-users] SSL on download URL, Hyzer, Chris, 11/04/2016
- Re: [grouper-users] SSL on download URL, Christopher Bongaarts, 11/04/2016
- <Possible follow-up(s)>
- Re: [grouper-users] SSL on download URL, David Langenberg, 11/04/2016
- Re: [grouper-users] SSL on download URL, Andrew Morgan, 11/04/2016
- RE: [grouper-users] SSL on download URL, Hyzer, Chris, 11/05/2016
- Re: [grouper-users] SSL on download URL, Andrew Morgan, 11/04/2016
Archive powered by MHonArc 2.6.19.