hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roland Weber <ROLWE...@de.ibm.com>
Subject Re: Invalid RSA modulus size
Date Mon, 21 Jun 2004 05:06:01 GMT
Hello Tim,

from what I know about the export regulations, shipping
working crypto code that is just disabled through some
configuration file is not acceptable. You will have to
obtain a full-strength JCE/JSSE implementation. Either
a US-only version of the JDK, or a non-US implementation
of the library which is not subject to US or other export
restrictions on cryptography.

cheers,
  Roland




Tim Wild <tim.wild@solnetsolutions.co.nz> 
21.06.2004 05:19
Please respond to
"Commons HttpClient Project"


To
Commons HttpClient Project <commons-httpclient-dev@jakarta.apache.org>
cc

Subject
Re: Invalid RSA modulus size






Does anyone know if the Unlimited Strength Jurisdiction Policy Files are 
meant to solve this problem, or is it actually a bug with the JDK1.4? 
The policy files don't help me at all on the JDK1.4.

Thanks

Tim

Oleg Kalnichevski wrote:

>Tim,
>
>This is believed to be a limitation of all Sun's JCE/JSSE
>implementations up to Java version 1.5. You can try testing your
>application with Java 1.5-b2 to see if the problem has indeed been
>fixed. Alternatively consider using IBM Java 1.4 or 3rd party JCE/JSSE
>implementations which _may_ not exhibit the same limitation
>
>HTH
>
>Oleg
>
>On Sat, 2004-06-12 at 05:36, Tim Wild wrote:
> 
>
>>Hi,
>>
>>I'm using HttpClient to connect to an apache server that requires 
>>certificates. When I use client and server certificates from my own CA 
>>with 1024 bit keys it works perfectly. When I get a commercial 
>>certificate with a longer key (4096 bits), I get the following error 
>>(full message below) when I connect to apache:
>>
>>javax.net.ssl.SSLProtocolException: java.io.IOException: subject key, 
>>Unknown key spec: Invalid RSA modulus size.
>>
>>Google produced one result, which talked about a maximum key size using 
>>the JCE of 2048 bits using the JDK 1.4.2 default policy files. Another 
>>site suggested getting the unrestricted policy files, so I got and 
>>installed them, but it doesn't seem to make any difference at all.
>>
>>Does anyone have any thought or suggestions? Half formed thoughs or 
>>ideas are welcome as it might give me a lead that I can follow myself.
>>
>>Thanks
>>
>>Tim Wild
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: 
commons-httpclient-dev-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: 
commons-httpclient-dev-help@jakarta.apache.org
>>
>> 
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: 
commons-httpclient-dev-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: 
commons-httpclient-dev-help@jakarta.apache.org
>
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: 
commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: 
commons-httpclient-dev-help@jakarta.apache.org



Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message