Posted to builds@apache.org by "Dennis Lundberg (JIRA)" <ji...@apache.org> on 2015/07/09 13:45:04 UTC

[jira] [Comment Edited] (BUILDS-85) Could not generate DH keypair / peer not authenticated

    [ https://issues.apache.org/jira/browse/BUILDS-85?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14620271#comment-14620271 ] 

Dennis Lundberg edited comment on BUILDS-85 at 7/9/15 11:44 AM:
----------------------------------------------------------------

Java 6 does not support any ECDHE ciphers. It does support a couple of DHE ciphers, but these are deemed insecure due to [Logjam|https://weakdh.org/].
Source: [Security/Server Side TLS - MozillaWiki|https://wiki.mozilla.org/Security/Server_Side_TLS#Forward_Secrecy] under the section "DHE and ECDHE support".

The investigations I've done indicate that the most secure cipher you can use on Java 6 is TLS_RSA_WITH_AES_128_CBC_SHA. If INFRA considers this to be secure enough, it would be great if that cipher could be enabled in the SSL proxy.

However, it also depends on the parameter size used for Diffie-Hellman. Java 6 only supports up to 1024 bits.
Source: [Security/Server Side TLS - MozillaWiki|https://wiki.mozilla.org/Security/Server_Side_TLS#Forward_Secrecy] under the section "DHE and Java".



was (Author: dennisl@apache.org):
Java 6 does not support any ECDHE ciphers. It does support a couple of DHE ciphers, but these are deemed insecure due to [Logjam|https://weakdh.org/].

The investigations I've done indicate that the most secure cipher you can use on Java 6 is TLS_RSA_WITH_AES_128_CBC_SHA. If INFRA considers this to be secure enough, it would be great if that cipher could be enabled in the SSL proxy.

However, it also depends on the parameter size used for Diffie-Hellman. Java 6 only supports up to 1024 bits.

> Could not generate DH keypair / peer not authenticated 
> -------------------------------------------------------
>
>                 Key: BUILDS-85
>                 URL: https://issues.apache.org/jira/browse/BUILDS-85
>             Project: Infra Build Platform
>          Issue Type: Bug
>          Components: Jenkins
>            Reporter: Andreas Lehmkühler
>            Assignee: Geoffrey Corey
>
> We're getting this since June 10th:
> [INFO] --- maven-deploy-plugin:2.6:deploy (default-deploy) @ pdfbox-parent ---
> Downloading:https://repository.apache.org/content/repositories/snapshots/org/apache/pdfbox/pdfbox-parent/1.8.10-SNAPSHOT/maven-metadata.xml
> [WARNING] Could not transfer metadata org.apache.pdfbox:pdfbox-parent:1.8.10-SNAPSHOT/maven-metadata.xml from/to apache.snapshots.https (https://repository.apache.org/content/repositories/snapshots): Error transferring file: java.lang.RuntimeException: Could not generate DH keypair
> and this:
> [INFO] --- maven-deploy-plugin:2.8.2:deploy (default-deploy) @ pdfbox-parent ---
> Downloading:https://repository.apache.org/content/repositories/snapshots/org/apache/pdfbox/pdfbox-parent/2.0.0-SNAPSHOT/maven-metadata.xml
> [WARNING] Could not transfer metadata org.apache.pdfbox:pdfbox-parent:2.0.0-SNAPSHOT/maven-metadata.xml from/to apache.snapshots.https (https://repository.apache.org/content/repositories/snapshots): peer not authenticated
> The issue seems to be JDK-related, as only those builds using Java 1.6.0_37 (unlimited security) are failing. I've reconfigured the trunk build to use Java 7 and everything works fine, as well as our JDK 7-based branch build.
> Any ideas? Maybe a plugin update which doesn't work with Java 6?
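
A diagnostic for the limits discussed in this thread, as an added example that is not part of the original messages or of any Apache project's code: it groups the cipher suites the running JVM supports by key exchange, checks for TLS_RSA_WITH_AES_128_CBC_SHA, and tries Diffie-Hellman key generation at 1024 and 2048 bits. The class name is hypothetical; run it with the same JDK the failing build uses.

```java
import java.security.KeyPairGenerator;
import java.util.Map;
import java.util.TreeMap;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic; the class name is hypothetical. Uses Java 6 compatible syntax.
public class TlsCapabilityCheck {

    // Classify a JSSE cipher suite name by its key exchange.
    static String keyExchange(String suite) {
        if (suite.contains("_anon_")) return "anonymous";
        if (suite.startsWith("TLS_ECDHE_")) return "ECDHE";
        if (suite.startsWith("TLS_ECDH_")) return "ECDH (static)";
        if (suite.startsWith("TLS_DHE_") || suite.startsWith("SSL_DHE_")) return "DHE";
        if (suite.startsWith("TLS_RSA_") || suite.startsWith("SSL_RSA_")) return "RSA";
        return "other";
    }

    // Null if this JVM can create a DH key pair of the given size, else the error text.
    static String dhFailure(int bits) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
            kpg.initialize(bits);   // a JVM capped at 1024-bit DH fails here or below
            kpg.generateKeyPair();
            return null;
        } catch (Exception e) {
            return e.toString();
        }
    }

    public static void main(String[] args) {
        System.out.println("java.version = " + System.getProperty("java.version"));
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        Map<String, Integer> counts = new TreeMap<String, Integer>();
        boolean hasRsaAes128 = false;
        for (String suite : f.getSupportedCipherSuites()) {
            String kx = keyExchange(suite);
            Integer n = counts.get(kx);
            counts.put(kx, n == null ? 1 : n + 1);
            if (suite.equals("TLS_RSA_WITH_AES_128_CBC_SHA")) hasRsaAes128 = true;
        }
        System.out.println("supported suites by key exchange: " + counts);
        System.out.println("TLS_RSA_WITH_AES_128_CBC_SHA supported: " + hasRsaAes128);
        int[] sizes = {1024, 2048};
        for (int bits : sizes) {
            String err = dhFailure(bits);
            System.out.println("DH " + bits + " bits: " + (err == null ? "ok" : "FAILED: " + err));
        }
    }
}
```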


