SSL handshake error 'java.lang.SecurityException: Unsupported keysize or algorithm parameters'.

Article ID: KB0087950

Products: TIBCO ActiveMatrix BusinessWorks
Versions: Not Applicable

Description: 
============
TIBCO BusinessWorks (BW) fails to create an SSL connection to the server. The error 'Fatal SSL handshake error: java.lang.RuntimeException: Unable to create cipher AES/CBC/NoPadding: java.lang.SecurityException: Unsupported keysize or algorithm parameters' appears in the BW application log file.


Environment:
===========
Operating System(s): All

Symptoms:
========
Full exception stack:

An IOException was thrown while trying to execute the Http method
        at com.tibco.plugin.share.http.client.JakartaHttpTransportDriver$RequestExecutor.run(JakartaHttpTransportDriver.java:241)
        at com.tibco.pe.util.ThreadPool$ThreadPoolThread.run(ThreadPool.java:99)
caused by: java.io.IOException: Fatal SSL handshake error: java.lang.RuntimeException: Unable to create cipher AES/CBC/NoPadding: java.lang.SecurityException: Unsupported keysize or algorithm parameters
        at iaik.security.ssl.SSLTransport.b(Unknown Source)
        at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
        at iaik.security.ssl.SSLTransport.a(Unknown Source)
        at iaik.security.ssl.SSLTransport.renegotiate(Unknown Source)
        at iaik.security.ssl.SSLSocket.renegotiate(Unknown Source)
        at com.tibco.security.ssl.entrust6.b.doHandshake(SSLClientImpl.java)
        at com.tibco.plugin.share.security.TIBCryptClientSocketFactory.createSocket(TIBCryptClientSocketFactory.java:63)
        at org.apache.commons.httpclient.HttpConnection.tunnelCreated(HttpConnection.java:746)
        at org.apache.commons.httpclient.ConnectMethod.execute(ConnectMethod.java:172)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:643)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:497)
        at com.tibco.plugin.share.http.client.JakartaHttpTransportDriver$RequestExecutor.run(JakartaHttpTransportDriver.java:235)
        at com.tibco.pe.util.ThreadPool$ThreadPoolThread.run(ThreadPool.java:99)

Cause:
=====
By default, BW uses the Entrust API for security, which only supports RSA key sizes up to 2048 bits.

Resolution:
==========
Download the unlimited strength policy files from the JRE vendor:

1). Go to the website http://www.oracle.com/technetwork/java/javase/downloads/index.html and download:

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for JDK/JRE <JRE_VERSION>

The zip file contains two JAR files: local_policy.jar and US_export_policy.jar.

2). In the BW installation, go to <TIBCO_HOME>/jre/<VERSION>/lib/security, back up the existing copies of these two JAR files, and put the newly downloaded JAR files in their place.
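To confirm that the replaced policy files are actually in effect, the following check can be compiled and run with the JRE under <TIBCO_HOME>/jre/<VERSION>. It is an added example, not TIBCO code: the class name JcePolicyCheck is hypothetical, and it exercises the JRE's default JCE provider rather than the Entrust/IAIK stack seen in the trace, using the AES/CBC/NoPadding transformation named in the error.

```java
import java.io.File;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic (hypothetical class name, not part of BW).
public class JcePolicyCheck {

    // True when the active jurisdiction policy allows AES keys of at least `bits` bits.
    static boolean allows(int bits) throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength("AES") >= bits;
    }

    // Tries to initialise the transformation from the BW error with a key of `bits` bits.
    static String tryInit(int bits) {
        try {
            Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
            byte[] key = new byte[bits / 8]; // constructed all-zero test key, never used for data
            byte[] iv = new byte[16];        // constructed all-zero IV (AES block size)
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
            return "OK";
        } catch (Exception e) {
            // Limited policy: the default provider throws InvalidKeyException here.
            return "REJECTED (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        String home = System.getProperty("java.home");
        File dir = new File(home, "lib" + File.separator + "security");
        System.out.println("java.home: " + home);
        String[] jars = {"local_policy.jar", "US_export_policy.jar"};
        for (String jar : jars) {
            File f = new File(dir, jar);
            String state = f.isFile()
                ? f.length() + " bytes, modified " + new Date(f.lastModified())
                : "not found in " + dir;
            System.out.println(jar + ": " + state);
        }
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max AES key length: " + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));
        for (int bits : new int[] {128, 192, 256}) {
            System.out.println("AES/CBC/NoPadding " + bits + "-bit: " + tryInit(bits));
        }
        // Non-zero exit lets a deployment script fail fast while the policy is still limited.
        System.exit(allows(256) ? 0 : 1);
    }
}
```

With the default limited policy files the 192-bit and 256-bit lines report REJECTED and the maximum is 128 bits; after the replacement all three report OK and the maximum is unlimited.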
