12/30/2014

FIX to javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair

Fix ERROR
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1860) at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1843) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1362) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:472) at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:65) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) at org

I was stuck on this error for two days. I am publishing this so that it may help someone else who gets stuck on the same error.
What is a cipher suite?
A cipher suite is a collection of symmetric and asymmetric encryption algorithms used by hosts to establish a secure communication. Supported cipher suites can be classified based on encryption algorithm strength, key length, key exchange and authentication mechanisms.

This issue looks like a Java issue: the Java class “SSLSocketFactory” does not seem to handle the cipher suites that contain “_ECDHE_”.


  







import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;

import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

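/**
 * An {@link SSLSocketFactory} wrapper that creates sockets through a delegate and then
 * removes every enabled cipher suite whose name contains {@code "_ECDHE_"} from the
 * resulting {@link SSLSocket}.
 *
 * <p>This works around the "Could not generate DH keypair" handshake failure by taking the
 * ECDHE suites out of the handshake. Those suites are the ones that provide forward secrecy,
 * so keep this wrapper in place only as long as the affected JDK is in use.
 *
 * <p>{@link #getDefaultCipherSuites()} and {@link #getSupportedCipherSuites()} report the
 * delegate's lists unfiltered, exactly as before; only created sockets are restricted.
 */
public class SecureSocketFactory extends SSLSocketFactory {

    /** Suites whose name contains this marker are dropped from every created socket. */
    static final String EXCLUDED_SUITE_MARKER = "_ECDHE_";

    private final SSLSocketFactory delegate;

    /**
     * @param delegate the factory that actually creates the sockets
     * @throws NullPointerException if {@code delegate} is {@code null}
     */
    public SecureSocketFactory(SSLSocketFactory delegate) {
        // Fail at construction instead of on the first createSocket() call.
        if (delegate == null) {
            throw new NullPointerException("delegate");
        }
        this.delegate = delegate;
    }

    /**
     * Returns a copy of {@code suites} without the entries whose name contains
     * {@link #EXCLUDED_SUITE_MARKER}, keeping the original order.
     *
     * @param suites enabled suites as reported by the socket; may be empty
     * @return the remaining suites, never {@code null}
     */
    static String[] filterCipherSuites(String[] suites) {
        List<String> kept = new ArrayList<String>(suites.length);
        for (String suite : suites) {
            if (!suite.contains(EXCLUDED_SUITE_MARKER)) {
                kept.add(suite);
            }
        }
        return kept.toArray(new String[kept.size()]);
    }

    /**
     * Applies {@link #filterCipherSuites(String[])} to {@code socket} when it is an
     * {@link SSLSocket}. Any other socket is returned untouched rather than failing with a
     * {@link ClassCastException}, which is what the former unconditional cast did.
     *
     * @param socket the socket returned by the delegate
     * @return the same socket, with its enabled suites restricted if it is an SSL socket
     */
    private static Socket restrictCipherSuites(Socket socket) {
        if (socket instanceof SSLSocket) {
            SSLSocket sslSocket = (SSLSocket) socket;
            sslSocket.setEnabledCipherSuites(filterCipherSuites(sslSocket.getEnabledCipherSuites()));
        }
        return socket;
    }

    @Override
    public String[] getDefaultCipherSuites() {
        return delegate.getDefaultCipherSuites();
    }

    @Override
    public String[] getSupportedCipherSuites() {
        return delegate.getSupportedCipherSuites();
    }

    /**
     * Creates an unconnected socket through the delegate and restricts its suites. The
     * inherited implementation only throws; some clients (presumably the Apache HttpClient
     * factory seen in the stack trace above) appear to create unconnected sockets and connect
     * them later, so this override lets the filter apply to them as well.
     */
    @Override
    public Socket createSocket() throws IOException {
        return restrictCipherSuites(delegate.createSocket());
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        return restrictCipherSuites(delegate.createSocket(host, port));
    }

    @Override
    public Socket createSocket(InetAddress address, int port) throws IOException {
        return restrictCipherSuites(delegate.createSocket(address, port));
    }

    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
            throws IOException {
        return restrictCipherSuites(delegate.createSocket(socket, host, port, autoClose));
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort)
            throws IOException, UnknownHostException {
        return restrictCipherSuites(delegate.createSocket(host, port, localAddress, localPort));
    }

    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress,
            int localPort) throws IOException {
        return restrictCipherSuites(delegate.createSocket(address, port, localAddress, localPort));
    }
}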
Below is the method used to extract data from a remote site. Most of the code is the same as any other code that reads from a remote HTTPS site; the only difference is the line below, which installs our custom SSL socket factory instead of the Java default one.

// Installs the wrapper as the default factory for HttpsURLConnection; `sc` is the
// SSLContext supplied by the caller (see getUrlContent below), and the wrapped factory
// applies to every HttpsURLConnection opened afterwards in this JVM, not just this one.
HttpsURLConnection.setDefaultSSLSocketFactory(new SecureSocketFactory(sc.getSocketFactory()));


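/**
 * Fetches the raw bytes behind {@code url}.
 *
 * <p>{@code ftp:} and {@code file:} URLs are read directly. Every other scheme goes through
 * {@link URLConnection}; before opening it, a {@link SecureSocketFactory} built on the JDK's
 * default trust store is installed as the process-wide default for
 * {@link HttpsURLConnection}, which works around the "Could not generate DH keypair"
 * handshake failure while keeping certificate and host-name validation intact.
 *
 * @param url the URL to read; must not be {@code null}
 * @return the content as bytes, with no charset conversion applied
 * @throws Exception any error from URL parsing, TLS setup or the transfer; it is logged
 *         before being rethrown
 */
public byte[] getUrlContent(String url) throws Exception {
    URL dataUrl = new URL(url);
    if (url.startsWith("ftp:") || url.startsWith("file:")) {
        InputStream ftpIn = dataUrl.openStream();
        try {
            return IOUtils.toByteArray(ftpIn);
        } finally {
            // Closed on the error path as well; the stream used to leak if the copy threw.
            IOUtils.closeQuietly(ftpIn);
        }
    }

    InputStream in = null;
    try {
        // Only the socket factory is customised. Passing null trust managers keeps the
        // JDK's default trust store, and the default host-name verifier is left in place,
        // so the server is still authenticated. The previous version installed a trust-all
        // manager and an all-hosts verifier here, which silently accepted any certificate.
        final SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, null, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(
                new SecureSocketFactory(sc.getSocketFactory()));

        URLConnection con = dataUrl.openConnection();
        // Read the bytes directly: wrapping the stream in a Reader decoded and re-encoded
        // the payload with the platform charset, corrupting any content that is not text.
        in = con.getInputStream();
        return IOUtils.toByteArray(in);
    } catch (Exception e) {
        logger.severe(ExceptionUtils.getStackTrace(e));
        throw e;
    } finally {
        // closeQuietly tolerates null, so this is safe if getInputStream() never ran.
        IOUtils.closeQuietly(in);
    }
}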
