Posted to httpclient-users@hc.apache.org by "Welty, Richard" <rw...@ltionline.com> on 2012/10/01 15:31:28 UTC

RE: how to work around javax.net.ssl.SSLKeyException: RSA premaster


Susanta Mohapatra [mailto:mohapatra.susanta@gmail.com] writes:
> You need to add the unlimited strength JCE files. Google it, you can find the download link easily.

I saw discussion of that in the context of Oracle/Sun environments, and IBM environments. It wasn't clear it applied to openjdk, but I'll try it and see.

Thanks,
  Richard


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


RE: how to work around javax.net.ssl.SSLKeyException: RSA premaster

Posted by "Welty, Richard" <rw...@ltionline.com>.
I finally worked out how to get the wirelog out of a Fuse ESB application, it's attached.

From: Susanta Mohapatra [mailto:mohapatra.susanta@gmail.com]
Sent: Thursday, October 04, 2012 10:18 AM
To: Welty, Richard
Cc: HttpClient User Discussion
Subject: Re: how to work around javax.net.ssl.SSLKeyException: RSA premaster


This is strange...  can you provide more info?

- what is the jdk version?
- which server are you trying to connect? apache httpd or anything else?
- are you using any authentication scheme with ssl? like basic/digest/ntlm etc

try to start jvm with following flag: -Djavax.net.debug=all
This will generate wire log output in console. Send the wire log result.

-Susanta

On Thu, Oct 4, 2012 at 7:03 PM, Welty, Richard <rw...@ltionline.com> wrote:
Welty, Richard [mailto:rwelty@ltionline.com] wrote:

> Susanta Mohapatra [mailto:mohapatra.susanta@gmail.com] writes:
>> You need to add the unlimited strength JCE files. Google it, you can find the download link easily.

> I saw discussion of that in the context of Oracle/Sun environments, and IBM environments. It wasn't clear it applied to openjdk, but I'll try it and see.
I have ended up switching from openjdk to an oracle/sun jdk, 6u35, and have installed the unlimited JCE policy files as specified. I am still getting the error:

javax.net.ssl.SSLKeyException: RSA premaster secret error
        at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:97)[:1.6]
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:744)[:1.6]
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:238)[:1.6]

any suggestions on how to diagnose this?

Richard


RE: how to work around javax.net.ssl.SSLKeyException: RSA premaster

Posted by "Welty, Richard" <rw...@ltionline.com>.
The jdk is sun/oracle 6u35 (the most recent 1.6)

The server I'm trying to talk to is a demo server for the service now product, the url is

https://demo04.service-now.com/cmdb_ci_list.do?XML&sysparm_query=name=

with username/password of admin/admin

I can access it fine with curl on the linux box, specifying the username/password on the command line (the service now server won't do interactive prompting for username/password.)

The authentication scheme at servicenow is basic

I'll try the wirelog output momentarily.

Thanks,
   richard



Re: how to work around javax.net.ssl.SSLKeyException: RSA premaster

Posted by Susanta Mohapatra <mo...@gmail.com>.
This is strange...  can you provide more info?

- what is the jdk version?
- which server are you trying to connect? apache httpd or anything else?
- are you using any authentication scheme with ssl? like basic/digest/ntlm etc

try to start jvm with following flag: -Djavax.net.debug=all
This will generate wire log output in console. Send the wire log result.

-Susanta


On Thu, Oct 4, 2012 at 7:03 PM, Welty, Richard <rw...@ltionline.com> wrote:

> Welty, Richard [mailto:rwelty@ltionline.com] wrote:
>
> > Susanta Mohapatra [mailto:mohapatra.susanta@gmail.com] writes:
> >> You need to add the unlimited strength JCE files. Google it, you can find the download link easily.
>
> > I saw discussion of that in the context of Oracle/Sun environments, and IBM environments. It wasn't clear it applied to openjdk, but I'll try it and see.
>
> I have ended up switching from openjdk to an oracle/sun jdk, 6u35, and have installed the unlimited JCE policy files as specified. I am still getting the error:
>
> javax.net.ssl.SSLKeyException: RSA premaster secret error
>         at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:97)[:1.6]
>         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:744)[:1.6]
>         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:238)[:1.6]
>
> any suggestions on how to diagnose this?
>
> Richard

RE: how to work around javax.net.ssl.SSLKeyException: RSA premaster

Posted by "Welty, Richard" <rw...@ltionline.com>.
Welty, Richard [mailto:rwelty@ltionline.com]  wrote:

>Susanta Mohapatra [mailto:mohapatra.susanta@gmail.com] writes:
>> You need to add the unlimited strength JCE files. Google it, you can find the download link easily.

> I saw discussion of that in the context of Oracle/Sun environments, and IBM environments. It wasn't clear it applied to openjdk, but I'll try it and see.

I have ended up switching from openjdk to an oracle/sun jdk, 6u35, and have installed the unlimited JCE policy files as specified. I am still getting the error:

javax.net.ssl.SSLKeyException: RSA premaster secret error
        at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:97)[:1.6]
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:744)[:1.6]
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:238)[:1.6]

any suggestions on how to diagnose this?

Richard
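
Added example, not part of the original thread or of HttpClient: a small check to run inside the same JVM (and, for a container such as the Fuse ESB application mentioned above, inside the same deployment) to confirm that the unlimited JCE policy is actually in effect and that an RSA PKCS#1 encryption of a 48-byte value, the size of a TLS premaster secret, succeeds. The class name `JceCheck` is hypothetical and the 2048-bit key pair is a throwaway constructed for the test.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.Cipher;

// Added diagnostic; JceCheck is a hypothetical name, not project code.
public class JceCheck {
    public static void main(String[] args) throws Exception {
        // Confirms which JRE is really running (policy files are per-JRE).
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));

        // Limited policy caps AES at 128 bits; unlimited policy
        // reports Integer.MAX_VALUE.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key length = " + maxAes
                + (maxAes > 128 ? " (unlimited policy active)" : " (limited policy)"));

        // Registered security providers, in preference order.
        for (Provider p : Security.getProviders()) {
            System.out.println("provider: " + p.getName());
        }

        // Throwaway key pair and a random 48-byte secret (constructed input).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] secret = new byte[48];
        new SecureRandom().nextBytes(secret);

        try {
            Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            rsa.init(Cipher.ENCRYPT_MODE, kp.getPublic());
            byte[] out = rsa.doFinal(secret);
            System.out.println("RSA/ECB/PKCS1Padding via "
                    + rsa.getProvider().getName() + ": ok, " + out.length + " bytes");
        } catch (Exception e) {
            // A failure here points at the crypto provider setup in this
            // runtime rather than at the remote server.
            System.out.println("RSA/ECB/PKCS1Padding failed: " + e);
        }
    }
}
```

If the check passes from a plain command line but fails when the same code runs inside the container, compare the two `java.home` values and provider lists.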

