3

I am trying to connect to an "https://" site which supports the "TLSv1" protocol and the following cipher suites,

TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 4096 bits
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 4096 bits

using Apache's httpclient (Java platform - JDK 1.7)

It's working fine in JDK 1.8 (which has support for cipher suites with DH parameters > 1024 bits).

But it's failing in JDK 1.7 with the following exception,

main, handling exception: java.lang.ArrayIndexOutOfBoundsException: 64
%% Invalidated:  [Session-1, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
main, SEND TLSv1 ALERT:  fatal, description = internal_error
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 50                               ......P
main, called closeSocket()
main, IOException in getSession():  javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: 64

As suggested in the workaround here,

http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6521495, I tried using the Bouncy Castle Provider but I am still getting the same exception.

Any help would be great. Thanks.

4

1 Answer

6

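The problem is that you are using a 2048 DH key with TLS v1, while it is compatible with TLS v1.2, so you can solve it in three ways:

1) Upgrade your JDK version to 1.8

2) Disable all DHE ciphers from the server

3) Use a 1048 DH key on the server

For more details, see here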

Answered 2016-10-03T10:05:12.540
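
As an added example (not part of the original question or answer), this Python code decodes the raw alert record from the question's debug log and confirms it is a fatal internal_error alert written by the local JVM, so the failure arises in the client's own handshake processing rather than in a rejection sent by the server. The function names are hypothetical; the sample log lines are copied from the question.

```python
import re

# Alert codes from the TLS 1.0 specification (RFC 2246, section 7.2); subset only.
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                40: "handshake_failure", 47: "illegal_parameter",
                70: "protocol_version", 71: "insufficient_security",
                80: "internal_error"}
VERSIONS = {(3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

# Dump line as printed in the question: offset, single-spaced hex bytes, ASCII column.
DUMP_LINE = re.compile(r"^[0-9A-Fa-f]{4}:((?: [0-9A-Fa-f]{2})+)")

# Copied from the debug output in the question.
SAMPLE_LOG = """\
main, SEND TLSv1 ALERT:  fatal, description = internal_error
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 50                               ......P
main, called closeSocket()
"""


def decode_alert_record(dump_line):
    """Decode a plaintext 7-byte TLS alert record from one hex dump line."""
    m = DUMP_LINE.match(dump_line.strip())
    if not m:
        raise ValueError("not a hex dump line")
    rec = bytes.fromhex(m.group(1).replace(" ", ""))
    if len(rec) < 5:
        raise ValueError("truncated record header")
    if rec[0] != 0x15:
        raise ValueError("content type 0x%02x is not alert (0x15)" % rec[0])
    length = int.from_bytes(rec[3:5], "big")
    if length != 2 or len(rec) != 7:
        # Alerts sent after ChangeCipherSpec are encrypted and longer than 2 bytes.
        raise ValueError("not a plaintext 2-byte alert")
    return {"version": VERSIONS.get((rec[1], rec[2]), "unknown"),
            "level": LEVELS.get(rec[5], "unknown"),
            "description": DESCRIPTIONS.get(rec[6], "unknown (%d)" % rec[6])}


def alerts_written(log_text):
    """Return decoded alerts that follow a "[Raw write]" marker, i.e. sent locally."""
    lines = log_text.splitlines()
    found = []
    for i, line in enumerate(lines[:-1]):
        if line.startswith("[Raw write]"):
            try:
                found.append(decode_alert_record(lines[i + 1]))
            except ValueError:
                continue  # some other record type (handshake, application data)
    return found
```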