You are viewing a plain text version of this content. The canonical link for it is here.
Posted to builds@apache.org by "Dennis Lundberg (JIRA)" <ji...@apache.org> on 2015/07/10 08:54:04 UTC
[jira] [Updated] (BUILDS-85) Could not generate DH keypair / peer
not authenticated
[ https://issues.apache.org/jira/browse/BUILDS-85?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dennis Lundberg updated BUILDS-85:
----------------------------------
Attachment: SSLPoke.java
I did some more testing and found out that you need to disable the TLS_DHE_* certificates from the SSL proxy in order for this to work on Java 6.
To verfiy this I modified the [SSLPoke program|https://confluence.atlassian.com/download/attachments/186712330/SSLPoke.java?version=1&modificationDate=1240984200180&api=v2] from [Atlassian|https://confluence.atlassian.com/display/FISHKB/PKIX+Path+Building+Failed+-+Cannot+Set+Up+Trusted+Applications+To+SSL+Services].
In its pristine version SSLPoke fails if you run this command using Java 6:
{{java SSLPoke repository.apache.org 443}}
My modified version is only allowed to use a single cipher, if specified on the command line, will succeed when run like this.
{{java SSLPoke repository.apache.org 443 TLS_RSA_WITH_AES_128_CBC_SHA}}
So I guess that Java 6 will prefer a TLS_DHE_* cipher if it is available on the server.
> Could not generate DH keypair / peer not authenticated
> -------------------------------------------------------
>
> Key: BUILDS-85
> URL: https://issues.apache.org/jira/browse/BUILDS-85
> Project: Infra Build Platform
> Issue Type: Bug
> Components: Jenkins
> Reporter: Andreas Lehmkühler
> Assignee: Geoffrey Corey
> Attachments: SSLPoke.java
>
>
> We're getting this since june 10th:
> [INFO] --- maven-deploy-plugin:2.6:deploy (default-deploy) @ pdfbox-parent ---
> Downloading:https://repository.apache.org/content/repositories/snapshots/org/apache/pdfbox/pdfbox-parent/1.8.10-SNAPSHOT/maven-metadata.xml
> [WARNING] Could not transfer metadata org.apache.pdfbox:pdfbox-parent:1.8.10-SNAPSHOT/maven-metadata.xml from/to apache.snapshots.https (https://repository.apache.org/content/repositories/snapshots): Error transferring file: java.lang.RuntimeException: Could not generate DH keypair
> and this:
> [INFO] --- maven-deploy-plugin:2.8.2:deploy (default-deploy) @ pdfbox-parent ---
> Downloading:https://repository.apache.org/content/repositories/snapshots/org/apache/pdfbox/pdfbox-parent/2.0.0-SNAPSHOT/maven-metadata.xml
> [WARNING] Could not transfer metadata org.apache.pdfbox:pdfbox-parent:2.0.0-SNAPSHOT/maven-metadata.xml from/to apache.snapshots.https (https://repository.apache.org/content/repositories/snapshots): peer not authenticated
> The issue seems to be jdk related as only those builds using java 1.6.0_37 (unlimited security) are failing. I've reconfigured the trunk build to use java 7 and everything works fine, as well as our jdk7 based branch build.
> Any ideas? Maybe a plugin update which doesn't work with java6?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)