Open srk12318 opened 1 year ago
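Recent versions of BCJSSE reject, by default, any DH group proposed by the server that is not in the list of standard groups; that would match the insufficient_security(71) alert raised from TlsDHUtils.receiveDHConfig in the trace below. To confirm that this is the issue, you can try running with "-Dorg.bouncycastle.jsse.client.dh.unrestrictedGroups=true" (and possibly also "-Dorg.bouncycastle.jsse.client.dh.minimumPrimeBits=1024" to require only a 1024-bit group instead of the default minimum of 2048 bits). Treat both settings as a diagnostic only: they make the client accept non-standard or smaller server-chosen DH groups, which weakens the DHE key exchange, so they should not stay enabled once the cause is confirmed.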
The following alternatives would be preferable though:
Hi Team,
We updated the Bouncy Castle jars to 1.7. After upgrading, a few API calls are failing in our Java application.
Internal Exception: org.bouncycastle.tls.TlsFatalAlert: insufficient_security(71) at org.eclipse.persistence.exceptions.XMLMarshalException.marshalException(XMLMarshalException.java:104) ~[eclipselink.jar:2.6.7.v20190604-418f1a1c56] at org.eclipse.persistence.oxm.record.OutputStreamRecord.flush(OutputStreamRecord.java:584) ~[eclipselink.jar:2.6.7.v20190604-418f1a1c56] at org.eclipse.persistence.internal.oxm.XMLMarshaller.marshalStreamOrWriter(XMLMarshaller.java:1148) ~[eclipselink.jar:2.6.7.v20190604-418f1a1c56] at org.eclipse.persistence.internal.oxm.XMLMarshaller.marshal(XMLMarshaller.java:934) ~[eclipselink.jar:2.6.7.v20190604-418f1a1c56] at org.eclipse.persistence.internal.oxm.XMLMarshaller.marshal(XMLMarshaller.java:877) ~[eclipselink.jar:2.6.7.v20190604-418f1a1c56] at org.eclipse.persistence.jaxb.JAXBMarshaller.marshal(JAXBMarshaller.java:496) ~[eclipselink.jar:2.6.7.v20190604-418f1a1c56] at com.sun.jersey.core.provider.jaxb.AbstractRootElementProvider.writeTo(AbstractRootElementProvider.java:179) ~[com.sun.jersey.jersey-core.jar:1.19.4]
com.sun.jersey.api.client.RequestWriter.writeRequestEntity(RequestWriter.java:300) ~[com.sun.jersey.jersey-client.jar:1.19.4] at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:217) ~[com.sun.jersey.jersey-client.jar:1.19.4] at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:153) ~[com.sun.jersey.jersey-client.jar:1.19.4 Caused by: org.bouncycastle.tls.TlsFatalAlert: insufficient_security(71) at org.bouncycastle.tls.TlsDHUtils.receiveDHConfig(Unknown Source) ~[bctls-jdk15on-1.70.jar:1.70.00.0] at org.bouncycastle.tls.TlsDHEKeyExchange.processServerKeyExchange(Unknown Source) ~[bctls-jdk15on-1.70.jar:1.70.00.0] at org.bouncycastle.tls.TlsClientProtocol.handleHandshakeMessage(Unknown Source) ~[bctls-jdk15on-1.70.jar:1.70.00.0] at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source) ~[bctls-jdk15on-1.70.jar:1.70.00.0] at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source) ~[bctls-jdk15on-1.70.jar:1.70.00.0] at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source) ~[bctls-jdk15on-1.70.jar:1.70.00.0] at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source) ~[bctls-jdk15on-1.70.jar:1.70.00.0] at
org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source) ~[bctls-jdk15on-1.70.jar:1.70.00.0] at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source) ~[bctls-jdk15on-1.70.jar:1.70.00.0] at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source) ~[bctls-jdk15on-1.70.jar:1.70.00.0] at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) ~[?:1.8.0_112] at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) ~[?:1 .8.0_112] com.sun.jersey.api.client.CommittingOutputStream.commitStream(CommittingOutputStream.java:117) ~[com.sun.jersey.jersey-client.jar:1.19.4] at com.sun.jersey.api.client.CommittingOutputStream.write(CommittingOutputStream.java:89) ~[com.sun.jersey.jersey-client.jar:1.19.4] at org.eclipse.persistence.oxm.record.OutputStreamRecord.flush(OutputStreamRecord.java:580) ~[eclipselink.jar:2.6.7.v20190604-418f1a1c56] at org.eclipse.persistence.internal.oxm.XMLMarshaller.marshalStreamOrWriter(XMLMarshaller.java:1148) ~[eclipselink.jar:2.6.7.v20190604-418f1a1c56] at org.eclipse.persistence.internal.oxm.XMLMarshaller.marshal(XMLMarshaller.java:934) ~[eclipselink.jar:2.6.7.v20190604-418f1a1c56] at org.eclipse.persistence.internal.oxm.XMLMarshaller.marshal(XMLMarshaller.java:877) ~[eclipselink.jar:2.6.7.v20190604-418f1a1c56] at org.eclipse.persistence.jaxb.JAXBMarshaller. 
com.sun.jersey.core.provider.jaxb.AbstractRootElementProvider.writeTo(AbstractRootElementProvider.java:179) ~[com.sun.jersey.jersey-core.jar:1.19.4] at com.sun.jersey.core.provider.jaxb.AbstractRootElementProvider.writeTo(AbstractRootElementProvider.java:157) ~[com.sun.jersey.jersey-core.jar:1.19.4] at com.sun.jersey.api.client.RequestWriter.writeRequestEntity(RequestWriter.java:300) ~[com.sun.jersey.jersey-client.jar:1.19.4] at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:217) ~[com.sun.jersey.jersey-client.jar:1.19.4] at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:153) ~[com.sun.jersey.jersey-client.jar:1.19.4]