FULL PRODUCT VERSION : java version "1.5.0_02" Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_02-b09) Java HotSpot(TM) Client VM (build 1.5.0_02-b09, mixed mode, sharing) ADDITIONAL OS VERSION INFORMATION : Linux xxxxxxxxxxxxx 2.4.21-4.EL #1 Fri Oct 3 18:13:58 EDT 2003 i686 i686 i386 GNU/Linux A DESCRIPTION OF THE PROBLEM : Using code that has been working for several releases, we are unable to open an SSL connection under Java 1.5. The same code connects when run from a Java 1.4.2 runtime. STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : 1) Start an openssl server. I've used the following command line on the linux box described: $ openssl s_server -cipher ADH-RC4-MD5:EXP-ADH-RC4-MD5 -accept 8443 -HTTP -cert server.pem 2) Compile and run the simple client code, passing on the command line the IP and port of the SSL server EXPECTED VERSUS ACTUAL BEHAVIOR : EXPECTED - $ java -version java version "1.4.2_06" Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_06-b03) Java HotSpot(TM) Client VM (build 1.4.2_06-b03, mixed mode) $ java Client <host> <port> HTTP/1.0 200 okContent-type: text/plainError accessing '' ACTUAL - See Error Message(s) below ERROR MESSAGES/STACK TRACES THAT OCCUR : $ java -version java version "1.5.0_02" Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_02-b09) Java HotSpot(TM) Client VM (build 1.5.0_02-b09, mixed mode, sharing) $ java Client 172.26.5.145 8443 Exception in thread "main" javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1443) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1426) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64) at 
sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336) at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:404) at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408) at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152) at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213) at java.io.BufferedWriter.flush(BufferedWriter.java:236) at Client.main(Client.java:48) Caused by: java.lang.RuntimeException: Could not generate DH keypair at com.sun.net.ssl.internal.ssl.DHKeyExchange.generateKeyPair(DHKeyExchange.java:137) at com.sun.net.ssl.internal.ssl.ClientHandshaker.getDHephemeral(ClientHandshaker.java:370) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:385) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:121) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) ... 7 more Caused by: java.security.InvalidAlgorithmParameterException: Exponent value must be less than (modulus value -1) at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DashoA6275) at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:609) at java.security.KeyPairGenerator.initialize(KeyPairGenerator.java:351) at com.sun.net.ssl.internal.ssl.DHKeyExchange.generateKeyPair(DHKeyExchange.java:123) ... 16 more REPRODUCIBILITY : This bug can be reproduced always. 
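---------- BEGIN SOURCE ----------
import java.net.*;
import java.io.*;
import javax.net.*;
import javax.net.ssl.*;
import java.util.*;
import java.security.*;

/**
 * Minimal reproduction client for the "Could not generate DH keypair"
 * handshake failure described in this report.
 *
 * Opens an SSL socket to the given host and port, restricts it to a single
 * anonymous Diffie-Hellman cipher suite, sends one HTTP/1.0 request and prints
 * whatever the server returns.
 *
 * Security note: SSL_DH_anon_WITH_RC4_128_MD5 is an anonymous suite, so the
 * server is never authenticated and the key exchange gives no protection
 * against an active man-in-the-middle. It is enabled here only because the
 * reproduction server is started with ADH ciphers; a client that needs
 * confidentiality or peer identity should keep certificate-authenticated suites.
 */
public class Client {

    /**
     * Connects, issues a single GET request and dumps the response to stdout.
     *
     * @param argv two elements: host and port of the SSL server
     * @throws Exception any connection, handshake or I/O failure is propagated
     *                   unchanged so that the stack trace stays visible
     */
    public static void main(String[] argv) throws Exception {
        if (argv.length != 2) {
            System.out.println("Usage: java Client host port ");
            System.exit(0);
        }

        int port = Integer.parseInt(argv[1]);
        String host = argv[0];

        // Default factory: no custom trust or key material is configured.
        SocketFactory factory = SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

        try {
            // Limit the enabled suites to the one anonymous-DH suite under test.
            String[] cipherSuites = {
                "SSL_DH_anon_WITH_RC4_128_MD5",
            };
            socket.setEnabledCipherSuites(cipherSuites);

            BufferedWriter out = new BufferedWriter(
                    new OutputStreamWriter(socket.getOutputStream()));
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(socket.getInputStream()));

            out.write("GET / HTTP/1.0\n\n");
            // Per the stack trace in this report, the initial handshake runs on
            // this first write, so this is where the SSLException surfaces.
            out.flush();

            // readLine() strips line terminators and none is re-added, so the
            // response is printed as one concatenated line.
            String line;
            StringBuffer sb = new StringBuffer();
            while ((line = in.readLine()) != null) {
                sb.append(line);
            }
            out.close();
            in.close();
            System.out.println(sb.toString());
        } finally {
            // Release the socket even when the handshake or the read fails.
            try {
                socket.close();
            } catch (IOException ignored) {
                // Best-effort cleanup: never mask the exception being reported.
            }
        }
    }
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND : None found: we cannot use Java 1.5 until this is resolved
Release Regression From : 1.4.1 The above release value was the last known release where this bug was known to work. Since then there has been a regression.
Release Regression From : 1.4.2 The above release value was the last known release where this bug was known to work. Since then there has been a regression.
Release Regression From : 5.0 The above release value was the last known release where this bug was known to work. Since then there has been a regression.
###@###.### 2005-04-26 20:03:14 GMT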