
HttpClient SSLException

I try to send an HTTPS request to a web service, and after a few successful attempts I start getting this error consistently. What does this error mean, and why does it happen on the first time itself?

javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1842)
    at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1825)
    at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1751)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:127)
    at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
    at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:138)
    at org.apache.http.impl.io.ContentLengthOutputStream.flush(ContentLengthOutputStream.java:102)
    at org.apache.http.entity.StringEntity.writeTo(StringEntity.java:94)
    at org.apache.http.entity.HttpEntityWrapper.writeTo(HttpEntityWrapper.java:96)
    at org.apache.http.impl.client.EntityEnclosingRequestWrapper$EntityWrapper.writeTo(EntityEnclosingRequestWrapper.java:108)
    at org.apache.http.impl.entity.EntitySerializer.serialize(EntitySerializer.java:120)
    at org.apache.http.impl.AbstractHttpClientConnection.sendRequestEntity(AbstractHttpClientConnection.java:263)
    at org.apache.http.impl.conn.AbstractClientConnAdapter.sendRequestEntity(AbstractClientConnAdapter.java:227)
    at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:255)
    at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
    at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:622)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:454)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:941)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:919)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:910)
    at com.nim.service.push.exacttarget.ExactTargetPushService.sendMessageContacts(ExactTargetPushService.java:208)
    at com.nim.service.push.exacttarget.ExactTargetPushService.sendPushNotification(ExactTargetPushService.java:106)
    at com.nim.domain.push.PushManager.pushHelper(PushManager.java:91)
    at com.nim.domain.push.PushManager.pushEntitlementChange(PushManager.java:40)
    at com.nim.domain.push.PushManager.pushEntitlementChange(PushManager.java:36)
    at com.nim.domain.push.PushManager.pushEntitlementChange(PushManager.java:51)
    at com.nim.batch.entitlement.SubscriptionEntitlementWriter.pushClientNotifications(SubscriptionEntitlementWriter.java:161)
    at com.nim.batch.entitlement.SubscriptionEntitlementReader.retrievePage(SubscriptionEntitlementReader.java:71)
    at com.nim.batch.entitlement.SubscriptionEntitlementReader.retrievePage(SubscriptionEntitlementReader.java:1)
    at com.nim.batch.entitlement.EntitlementPagedDifferentialReader.read(EntitlementPagedDifferentialReader.java:96)
    at sun.reflect.GeneratedMethodAccessor96.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
    at com.sun.proxy.$Proxy77.read(Unknown Source)
    at org.springframework.batch.core.step.item.SimpleChunkProvider.doRead(SimpleChunkProvider.java:90)
    at org.springframework.batch.core.step.item.FaultTolerantChunkProvider.read(FaultTolerantChunkProvider.java:87)
    at org.springframework.batch.core.step.item.SimpleChunkProvider$1.doInIteration(SimpleChunkProvider.java:108)
    at org.springframework.batch.repeat.support.RepeatTemplate.getNextResult(RepeatTemplate.java:367)
    at org.springframework.batch.repeat.support.RepeatTemplate.executeInternal(RepeatTemplate.java:214)
    at org.springframework.batch.repeat.support.RepeatTemplate.iterate(RepeatTemplate.java:143)
    at org.springframework.batch.core.step.item.SimpleChunkProvider.provide(SimpleChunkProvider.java:103)
    at org.springframework.batch.core.step.item.ChunkOrientedTasklet.execute(ChunkOrientedTasklet.java:68)
    at org.springframework.batch.core.step.tasklet.TaskletStep$ChunkTransactionCallback.doInTransaction(TaskletStep.java:386)
    at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:130)
    at org.springframework.batch.core.step.tasklet.TaskletStep$2.doInChunkContext(TaskletStep.java:264)
    at org.springframework.batch.core.scope.context.StepContextRepeatCallback.doInIteration(StepContextRepeatCallback.java:76)
    at org.springframework.batch.repeat.support.RepeatTemplate.getNextResult(RepeatTemplate.java:367)
    at org.springframework.batch.repeat.support.RepeatTemplate.executeInternal(RepeatTemplate.java:214)
    at org.springframework.batch.repeat.support.RepeatTemplate.iterate(RepeatTemplate.java:143)
    at org.springframework.batch.core.step.tasklet.TaskletStep.doExecute(TaskletStep.java:250)
    at org.springframework.batch.core.step.AbstractStep.execute(AbstractStep.java:195)
    at org.springframework.batch.core.job.SimpleStepHandler.handleStep(SimpleStepHandler.java:135)
    at org.springframework.batch.core.job.flow.JobFlowExecutor.executeStep(JobFlowExecutor.java:61)
    at org.springframework.batch.core.job.flow.support.state.StepState.handle(StepState.java:60)
    at org.springframework.batch.core.job.flow.support.SimpleFlow.resume(SimpleFlow.java:144)
    at org.springframework.batch.core.job.flow.support.SimpleFlow.start(SimpleFlow.java:124)
    at org.springframework.batch.core.job.flow.FlowJob.doExecute(FlowJob.java:135)
    at org.springframework.batch.core.job.AbstractJob.execute(AbstractJob.java:281)
    at org.springframework.batch.core.launch.support.SimpleJobLauncher$1.run(SimpleJobLauncher.java:120)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.RuntimeException: Could not generate DH keypair
    at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:80)
    at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:692)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:274)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:878)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:814)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
    ... 64 more
Caused by: java.security.InvalidAlgorithmParameterException: parameter object not a ECParameterSpec
    at org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC.initialize(Unknown Source)
    at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:75)
    ... 72 more
hrishikeshp19 asked Nov 06 '14 00:11


1 Answer

I had this same problem. This article helped me: http://iwang.github.io/support/2014/03/14/cxf-cause-https-error.html

In essence, the problem is that you are using Bouncy Castle JDK1.4 libraries instead of the more recent 1.5 libraries.

To fix the problem, I removed Bouncy Castle completely. I found it was being pulled in by an unrelated library, so I added the following to the dependency in the pom.xml file:

<exclusions>
    <exclusion>
        <groupId>bouncycastle</groupId>
        <artifactId>bcmail-jdk14</artifactId>
    </exclusion>
    <exclusion>
        <groupId>bouncycastle</groupId>
        <artifactId>bcprov-jdk14</artifactId>
    </exclusion>
    <exclusion>
        <groupId>bouncycastle</groupId>
        <artifactId>bctsp-jdk14</artifactId>
    </exclusion>
</exclusions>

If you can't remove it, I suggest updating to the jdk15 libraries.

The explanation from the linked article:

Java 1.5 introduced a change to the elliptical curve cryptography API. If you use a Java Cryptography Extension (JCE) provider intended for Java 1.4 or earlier it will not support this new API change and there may be errors with Diffie-Hellman based ciphers when using SSL. The SSL implementation attempts to set up elliptical curve cryptography with an ECGenParameterSpec object. This object wasn't added until Java 1.5: http://docs.oracle.com/javase/7/docs/api/java/security/spec/ECGenParameterSpec.html (Notice the Since line).

For example, the bcprov-jdk14-131-1.0.jar is Bouncy Castle which is one such provider. This version of the provider is intended for JDK 1.4. Bouncy Castle provides different libraries for each JDK level.

Andrew answered Sep 22 '22 15:09
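
To confirm which JCE provider is serving EC key generation, as in the stack trace above where org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC rejects the parameter spec, the following diagnostic lists every registered provider that offers an EC KeyPairGenerator, where its classes were loaded from, and whether it accepts an ECGenParameterSpec. It is an added example, not code from the question, the answer or the linked article; the class name EcProviderCheck and the sample curve secp256r1 are assumptions.

```java
import java.security.CodeSource;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;

// Added diagnostic (class name is hypothetical). Run it with the same JVM and
// classpath as the failing application.
public class EcProviderCheck {

    // Returns "ok" if this provider's EC generator accepts a named-curve spec,
    // otherwise the exception it raised (the failure seen in the stack trace).
    static String probe(Provider p) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);
            // secp256r1 is an assumed sample curve, not taken from the page
            kpg.initialize(new ECGenParameterSpec("secp256r1"));
            kpg.generateKeyPair();
            return "ok";
        } catch (Exception e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    // Jar or directory the provider class was loaded from; this is what
    // reveals a stray bcprov-jdk14 jar on the classpath.
    static String origin(Provider p) {
        CodeSource cs = p.getClass().getProtectionDomain().getCodeSource();
        return (cs == null || cs.getLocation() == null)
                ? "(JDK runtime)" : cs.getLocation().toString();
    }

    public static void main(String[] args) {
        Provider[] providers = Security.getProviders(); // preference order
        for (int i = 0; i < providers.length; i++) {
            Provider p = providers[i];
            if (p.getService("KeyPairGenerator", "EC") == null) {
                continue; // provider does not offer EC key generation
            }
            System.out.printf("#%d %s %s%n  loaded from: %s%n  ECGenParameterSpec: %s%n",
                    i + 1, p.getName(), p.getVersion(), origin(p), probe(p));
        }
    }
}
```

Providers that a library registers at runtime with Security.addProvider only appear if the check runs inside the application after that registration. Once the offending jar is identified, `mvn dependency:tree` shows which dependency pulls it in so the exclusions can be placed on the right one.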