[Shib-Users] Bouncy castle - Mozilla Firefox for Ubuntu 3.0.15


Bart Ophelders

Nov 12, 2009, 11:04:43 AM
to shibbole...@internet2.edu

Hi,

 

I thought it would be interesting to share this information with the list.

 

I encountered an error (ssl_error_internal_error_alert) in Firefox when surfing to my Tomcat 6 webserver through https (on which I installed an IdP).

The error wasn’t occurring in IE and Chrome.

After increasing my Tomcat logs to DEBUG, I found out that the problem was lying with Bouncy Castle.

The logs state:

16:19:43,105 [http-443-1] DEBUG Handshake failed - org.apache.tomcat.util.net.JIoEndpoint [20091112]
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:160)
    at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:639)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: Could not generate DH keypair
    at com.sun.net.ssl.internal.ssl.ECDHCrypt.<init>(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.setupEphemeralECDHKeys(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.trySetCipherSuite(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    ... 6 more
Caused by: java.security.InvalidAlgorithmParameterException: unknown curve name: 1.2.840.10045.3.1.7
    at org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$EC.initialize(Unknown Source)
    ... 16 more

 

I was using bcprov-jdk16-143.jar

Upgrading to bcprov-jdk16-144.jar solved the problem.

 

I was using Firefox for Ubuntu 3.0.15

 

-Bart Ophelders
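
Added example, not part of the original post and not code from Shibboleth, Tomcat or Bouncy Castle: a small Java check that repeats the call that fails at the bottom of the trace above (initializing an EC KeyPairGenerator with the curve OID 1.2.840.10045.3.1.7) against every installed JCE provider that offers EC. The class name EcCurveCheck is made up for illustration, and the check assumes it is run with the same JVM and provider configuration as the Tomcat instance.

```java
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;

// Hypothetical diagnostic class (name chosen for this example).
public class EcCurveCheck {
    // OID from the "unknown curve name" message in the trace
    // (the curve also known as secp256r1 / prime256v1 / NIST P-256).
    static final String CURVE_OID = "1.2.840.10045.3.1.7";

    // Returns null if the provider can generate a key pair on the curve,
    // otherwise a short description of the failure.
    static String probe(Provider provider, String curve) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", provider);
            kpg.initialize(new ECGenParameterSpec(curve));
            kpg.generateKeyPair();
            return null;
        } catch (Exception e) {
            // Covers NoSuchAlgorithmException, InvalidAlgorithmParameterException
            // and provider-specific runtime failures.
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Optional argument: another curve name or OID to test.
        String curve = args.length > 0 ? args[0] : CURVE_OID;
        int checked = 0;
        // Security.getProviders() returns providers in preference order.
        for (Provider p : Security.getProviders()) {
            if (p.getService("KeyPairGenerator", "EC") == null) {
                continue; // this provider does not offer EC key generation
            }
            String err = probe(p, curve);
            System.out.printf("%s (%s): %s%n", p.getName(), p.getInfo(),
                    err == null ? "ok" : "FAILED - " + err);
            checked++;
        }
        if (checked == 0) {
            System.out.println("No installed provider offers KeyPairGenerator.EC");
        }
    }
}
```

A provider line ending in FAILED with "unknown curve name" reproduces the condition from the log without needing a browser to trigger the handshake.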
