  1. GEOS-7642

SSL communication to external server fails

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: 2.9.0
    • Fix Version/s: 2.10-M0
    • Component/s: Main
    • Labels:
      None
    • Environment:

      Java JDK: openjdk version "1.8.0_91"
      OS: Amazon linux

      Description

      Requesting an external SLD from a server running HTTPS fails with the following exception:

      18 Jul 17:38:16 WARN [geoserver.ows] - Exception while getting SLD.
      javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
      at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
      at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
      at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906)
      at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889)
      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410)
      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
      at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
      at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
      at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
      at org.vfny.geoserver.util.Requests.getInputStream(Requests.java:248)
      at org.geoserver.wms.map.GetMapKvpRequestReader.read(GetMapKvpRequestReader.java:340)
      at org.geoserver.wms.map.GetMapKvpRequestReader.read(GetMapKvpRequestReader.java:84)
      at org.geoserver.ows.Dispatcher.parseRequestKVP(Dispatcher.java:1488)
      at org.geoserver.ows.Dispatcher.dispatch(Dispatcher.java:674)
      at org.geoserver.ows.Dispatcher.handleRequestInternal(Dispatcher.java:258)
      at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:147)
      at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50)
      at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)
      at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
      at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:968)
      at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:859)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
      at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:844)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:808)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
      at org.geoserver.filters.ThreadLocalsCleanupFilter.doFilter(ThreadLocalsCleanupFilter.java:28)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:75)
      at org.geoserver.wms.animate.AnimatorFilter.doFilter(AnimatorFilter.java:71)
      at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:71)
      at org.geoserver.filters.SpringDelegatingFilter.doFilter(SpringDelegatingFilter.java:46)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      at org.geoserver.platform.AdvancedDispatchFilter.doFilter(AdvancedDispatchFilter.java:50)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:316)
      at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)
      at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)
      at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
      at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)
      at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
      at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)
      at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
      at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)
      at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
      at org.geoserver.security.filter.GeoServerAnonymousAuthenticationFilter.doFilter(GeoServerAnonymousAuthenticationFilter.java:54)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
      at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)
      at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
      at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)
      at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
      at org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.doFilter(GeoServerBasicAuthenticationFilter.java:84)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
      at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)
      at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
      at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)
      at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)
      at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
      at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
      at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
      at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)
      at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
      at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)
      at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
      at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
      at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
      at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
      at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
      at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
      at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
      at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
      at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
      at org.eclipse.jetty.server.Server.handle(Server.java:499)
      at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
      at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
      at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
      at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
      at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
      at java.lang.Thread.run(Thread.java:745)
      Caused by: java.lang.RuntimeException: Could not generate DH keypair
      at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:81)
      at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:721)
      at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:281)
      at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
      at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
      ... 93 more
      Caused by: java.security.InvalidAlgorithmParameterException: parameter object not a ECParameterSpec
      at org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$EC.initialize(Unknown Source)
      at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:76)
      ... 100 more

      A little bit of research led me to http://stackoverflow.com/questions/26769855/httpclient-sslexception.

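      The innermost cause in the trace is raised by the Bouncy Castle provider's EC KeyPairGenerator, which rejects the parameter object passed to it from sun.security.ssl.ECDHCrypt during the handshake. I threw a newer version of Bouncy Castle in and the problem went away: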
      https://www.bouncycastle.org/latest_releases.html


            People

            • Assignee:
              mcrmcr Christian Mueller
              Reporter:
              newmanw Billy Newman