I am testing a Java application. I tried to initiate an SSL handshake using DH cipher suites, but I get the following error:
java.lang.RuntimeException: Could not generate DH keypair
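Some people suggested using BouncyCastle, but many people have reported errors with it, so I would rather not use it if there is an alternative. Someone suggested downloading the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from http://www.oracle.com/technetwork/java/javase/downloads/index.html. I replaced the following two files: java.security and java.policy in C:\Program Files (x86)\Java\jre7\lib\security. Note that I also noticed I have Java\jre7\security installed in both Program Files (x86) and Program Files, and I replaced the files in both. However, I still see the same error. Is there any solution to this error?

EDIT: Stack trace: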
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at MyClass.MyClass.myFunction(MyProg.java:78)
at MyClass.MyClass.main(MyClass.java:233)
Caused by: java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.DHCrypt.<init>(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverKeyExchange(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
... 4 more
Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:120)
at java.security.KeyPairGenerator$Delegate.initialize(Unknown Source)
... 11 more
EDIT 2: My code acts as a client that tries to perform an SSL handshake with a remote server (a website). I set the client's cipher suite list to:
{
"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_NULL_SHA",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"
};
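All the cipher suites in the client list are supported by Java. How can I configure the Java client to support initiating an SSL handshake when the server offers a long DH key?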
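
The innermost cause in the stack trace is the runtime's DH key pair generator rejecting the prime size the server sent. The following is an added example, not code from the original post: it asks the local `KeyPairGenerator` which DH prime sizes it accepts and removes the `DHE` suites from a client list when the probed size is rejected. The class and method names are hypothetical, the 2048-bit size is an assumed value for the server's prime, and the approach assumes the server can also negotiate one of the remaining `ECDHE` suites.

```java
import java.security.InvalidParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Hypothetical helper class, added for illustration.
public class DhPrimeProbe {

    // True if the default DiffieHellman KeyPairGenerator accepts this prime size.
    static boolean supportsDhPrime(int bits) throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman");
        try {
            kpg.initialize(bits);
            return true;
        } catch (InvalidParameterException e) {
            return false; // size outside the range this provider allows
        }
    }

    // Keeps the caller's order; drops finite-field DHE suites when dhOk is false.
    // "_ECDHE_" names do not contain "_DHE_", so ECDHE suites are never dropped.
    static String[] usableSuites(String[] wanted, boolean dhOk) {
        List<String> kept = new ArrayList<String>();
        for (String suite : wanted) {
            if (dhOk || !suite.contains("_DHE_")) {
                kept.add(suite);
            }
        }
        return kept.toArray(new String[kept.size()]);
    }

    public static void main(String[] args) throws Exception {
        // Subset of the suite list from the question.
        String[] wanted = {
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
        };
        int assumedServerPrimeBits = 2048; // assumption: not stated in the question
        boolean dhOk = supportsDhPrime(assumedServerPrimeBits);
        System.out.println("DH 1024 accepted: " + supportsDhPrime(1024));
        System.out.println("DH " + assumedServerPrimeBits + " accepted: " + dhOk);
        // Pass the result to SSLSocket.setEnabledCipherSuites(...) before startHandshake().
        System.out.println("Suites to enable: " + Arrays.toString(usableSuites(wanted, dhOk)));
    }
}
```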