upgrade activemq from 5.6 to 5.9

[devworkslogin <de...@hotmail.com>]

Hello, I am trying to upgrade from activemq 5.6 to 5.9 or later with embedded
activemq broker. 

When upgraded to 5.9 and our application starts, any https request fails
with the following error: 

Could not generate DH keypair; nested exception is
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate
DH keypair
 at
org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:607)
 at
org.springframework.web.client.RestTemplate.execute(RestTemplate.java:565)

Caused by: java.security.InvalidAlgorithmParameterException: parameter
object not a ECParameterSpec
        at
org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC.initialize(Unknown
Source)
        at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:77)
       

Although it doesn't look anyway related to ActiveMQ, it does look like an
older version of bouncy castle is being loaded. (We do have bc-prov-1.38.jar
in the classpath) 

I looked around to found that activemq 5.8 onwards, there is transitive
dependency on bc-1.47. 

Any recommendations on how to resolve this dependency issue? Is this an
issue only with activemq 5.9 and bouncy castle or is there some other
dependency issue that is not evident?







--
View this message in context: http://activemq.2283324.n4.nabble.com/upgrade-activemq-from-5-6-to-5-9-tp4728235.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: upgrade activemq from 5.6 to 5.9

[Tim Bain <tb...@alumni.duke.edu>]

Here are a few options off the top of my head:

1. Don't upgrade ActiveMQ till you can upgrade BouncyCastle.
2. Use a debugger to trace the Spring code to figure out which DH algorithm
is the one causing the problem, and then disable its use by your client
code. I've personally never used BouncyCastle, so I don't know offhand how
the disabling gets done (sorry), but I'm confident that the Internet does.
3. Split out your ActiveMQ broker into a standalone process, where its JARs
won't conflict with your app's JARs on the classpath.
4. Stop using the REST API and use the Java JMS client instead.

Tim

On Jul 6, 2017 12:30 PM, "devworkslogin" <de...@hotmail.com> wrote:

> Unfortunately, we cannot upgrade yet to bc-1.47. Is there any other
> approach
> that can be considered?
>
>
>
> --
> View this message in context: http://activemq.2283324.n4.
> nabble.com/upgrade-activemq-from-5-6-to-5-9-tp4728235p4728290.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>

Re: upgrade activemq from 5.6 to 5.9

[devworkslogin <de...@hotmail.com>]

Unfortunately, we cannot upgrade yet to bc-1.47. Is there any other approach
that can be considered? 



--
View this message in context: http://activemq.2283324.n4.nabble.com/upgrade-activemq-from-5-6-to-5-9-tp4728235p4728290.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: upgrade activemq from 5.6 to 5.9

[Tim Bain <tb...@alumni.duke.edu>]

Have you tried removing your dependency on 1.38 and depending only on 1.47?
If that works, it seems like the simplest solution.

Tim

On Jul 5, 2017 4:09 PM, "devworkslogin" <de...@hotmail.com> wrote:

> Hello, I am trying to upgrade from activemq 5.6 to 5.9 or later with
> embedded
> activemq broker.
>
> When upgraded to 5.9 and our application starts, any https request fails
> with the following error:
>
> Could not generate DH keypair; nested exception is
> javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate
> DH keypair
>  at
> org.springframework.web.client.RestTemplate.doExecute(
> RestTemplate.java:607)
>  at
> org.springframework.web.client.RestTemplate.execute(RestTemplate.java:565)
>
> Caused by: java.security.InvalidAlgorithmParameterException: parameter
> object not a ECParameterSpec
>         at
> org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC.initialize(Unknown
> Source)
>         at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:77)
>
>
> Although it doesn't look anyway related to ActiveMQ, it does look like an
> older version of bouncy castle is being loaded. (We do have
> bc-prov-1.38.jar
> in the classpath)
>
> I looked around to found that activemq 5.8 onwards, there is transitive
> dependency on bc-1.47.
>
> Any recommendations on how to resolve this dependency issue? Is this an
> issue only with activemq 5.9 and bouncy castle or is there some other
> dependency issue that is not evident?
>
>
>
>
>
>
>
> --
> View this message in context: http://activemq.2283324.n4.
> nabble.com/upgrade-activemq-from-5-6-to-5-9-tp4728235.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>