  1. Grouper
  2. GRP-1406

SSL on download URL


Details

    • Bug
    • Resolution: Fixed
    • Minor
    • 2.3.0
    • None
    • grouperInstaller
    • None

    Description

      ----Original Message----
      From: Andrew Morgan
      Sent: Friday, November 04, 2016 1:47 PM
      To: David Langenberg
      Cc: Hyzer, Chris; grouper-users Mailing List <grouper-users>
      Subject: Re: [grouper-users] SSL on download URL

      This!

      We are running into this same problem with some of our vendors (and sadly,
      our internal applications) that are unable to connect to our LDAP service
      after upgrading to use DH keys > 1024bit. Java6 SSL clients offer DH
      ciphers to the server, but they can't handle them when the server picks a
      DH-capable cipher and uses a longer key. I'm aggressively moving these
      Java6 applications to Java7. We're not going to be held back from
      upgrading by software which hasn't been publicly supported by the vendor
      for almost 3 years.

      My vote - stop supporting Java6.

      Andy

      On Fri, 4 Nov 2016, David Langenberg wrote:

      > Java 6 went EOL back in 2013. I think it’s fair to say you shouldn’t be running latest Grouper with it.
      >
      > Dave
      >
      > –
      > David Langenberg
      > Asst Director, Identity Management
      > The University of Chicago
      >
      > From: <grouper-users-request> on behalf of Chris Hyzer <mchyzer>
      > Date: Friday, November 4, 2016 at 10:30 AM
      > To: "grouper-users Mailing List" <grouper-users>
      > Subject: [grouper-users] SSL on download URL
      >
      > Internet2 tech support just put a valid cert on https://software.internet2.edu, which is where downloads, patches, etc are hosted.
      >
      > Previously the installer ran from http://software.internet2.edu.
      >
      > However, when I change this URL in the installer, it does not run in Java6 anymore. You get the stack below.
      >
      > I think we should switch to SSL for downloads and patches. Is anyone opposed to the installer not working in Java6 anymore? Note, I'm not talking running grouper, I'm just talking about running the installer. If anyone has a script that auto-patches, and they use Java6, it will break until the switch to java7 or 8…
      >
      > Let me know
      >
      > Thanks
      >
      > Chris
      >
      > Ps. note, unless there is a trivial fix I don’t want to put in a lot of effort to make this SSL work with out of the box java6…
      >
      > Pps. Here's the stack I get…
      >
      > Error connecting to URL: https://software.internet2.edu/grouper/release/2.3.0/grouper.apiBinary-2.3.0.tar.gz
      > Exception in thread "main" java.lang.RuntimeException: Error connecting to URL: https://software.internet2.edu/grouper/release/2.3.0/grouper.apiBinary-2.3.0.tar.gz,
      > java.lang.RuntimeException: caller stack
      >     at edu.internet2.middleware.grouperInstaller.util.GrouperInstallerUtils.threadRunWithStatusDots(GrouperInstallerUtils.java:8334)
      >     at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFile(GrouperInstaller.java:294)
      >     at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFile(GrouperInstaller.java:253)
      >     at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadApi(GrouperInstaller.java:7916)
      >     at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadAndConfigureApi(GrouperInstaller.java:6823)
      >     at edu.internet2.middleware.grouperInstaller.GrouperInstaller.mainInstallLogic(GrouperInstaller.java:6430)
      >     at edu.internet2.middleware.grouperInstaller.GrouperInstaller.access$300(GrouperInstaller.java:80)
      >     at edu.internet2.middleware.grouperInstaller.GrouperInstaller$GrouperInstallerMainFunction$1.logic(GrouperInstaller.java:1081)
      >     at edu.internet2.middleware.grouperInstaller.GrouperInstaller.mainLogic(GrouperInstaller.java:1143)
      >     at edu.internet2.middleware.grouperInstaller.GrouperInstaller.main(GrouperInstaller.java:414)
      >
      >     at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFileHelper(GrouperInstaller.java:404)
      >     at edu.internet2.middleware.grouperInstaller.GrouperInstaller.access$000(GrouperInstaller.java:80)
      >     at edu.internet2.middleware.grouperInstaller.GrouperInstaller$1.run(GrouperInstaller.java:290)
      >     at edu.internet2.middleware.grouperInstaller.util.GrouperInstallerUtils$1.run(GrouperInstallerUtils.java:8281)
      >     at java.lang.Thread.run(Thread.java:662)
      > Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
      >     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
      >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
      >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1612)
      >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1595)
      >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1521)
      >     at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64)
      >     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
      >     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
      >     at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:843)
      >     at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2131)
      >     at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1111)
      >     at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:413)
      >     at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:186)
      >     at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:412)
      >     at edu.internet2.middleware.grouperInstallerExt.org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:338)
      >     at edu.internet2.middleware.grouperInstaller.GrouperInstaller.downloadFileHelper(GrouperInstaller.java:367)
      >     ... 4 more
      > Caused by: java.lang.RuntimeException: Could not generate DH keypair
      >     at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:106)
      >     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:556)
      >     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:183)
      >     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
      >     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
      >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
      >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
      >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
      >     at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
      >     ... 14 more
      > Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
      >     at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DashoA13*..)
      >     at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:627)
      >     at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:100)
      >     ... 22 more
      >
      >
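
A preflight check for the failure in the stack trace above, as an added example that is not part of the original thread or the Grouper code base: it reports whether the running JRE offers DHE cipher suites while rejecting DH primes larger than 1024 bits. The class name `DhPreflight` and the probed sizes are assumptions chosen for illustration; the probe uses the `initialize(int)` overload, which rejects an unsupported size with `InvalidParameterException` rather than the `InvalidAlgorithmParameterException` raised on the handshake path.

```java
import java.security.InvalidParameterException;
import java.security.KeyPairGenerator;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;

/** Added diagnostic (hypothetical class name); plain Java 6 syntax so it also runs on old JREs. */
public class DhPreflight {

    /** True if this JRE's DH key pair generator accepts a prime of the given bit length. */
    static boolean supportsDhSize(int bits) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman");
        try {
            kpg.initialize(bits);  // the size limit is checked here; no key is generated
            return true;
        } catch (InvalidParameterException e) {
            return false;
        }
    }

    /** Cipher suites the default TLS client offers that use ephemeral finite-field DH. */
    static List<String> offeredDheSuites() throws Exception {
        List<String> dhe = new ArrayList<String>();
        String[] suites = SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
        for (int i = 0; i < suites.length; i++) {
            if (suites[i].indexOf("_DHE_") >= 0) {  // does not match _ECDHE_
                dhe.add(suites[i]);
            }
        }
        return dhe;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        List<String> dhe = offeredDheSuites();
        System.out.println("DHE suites offered by default: " + dhe.size());
        boolean mismatch = false;
        int[] sizes = {1024, 2048};  // constructed sample sizes
        for (int i = 0; i < sizes.length; i++) {
            boolean ok = supportsDhSize(sizes[i]);
            System.out.println("DH " + sizes[i] + "-bit: " + (ok ? "supported" : "rejected"));
            if (!ok && !dhe.isEmpty()) mismatch = true;
        }
        if (mismatch) {
            System.out.println("DHE is offered but larger DH groups are rejected; handshakes may fail.");
            System.exit(1);
        }
    }
}
```

A non-zero exit status lets an auto-patching script stop before it attempts the HTTPS download.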

          People

            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)