www-builds mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis Lundberg (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (BUILDS-85) Could not generate DH keypair / peer not authenticated
Date Thu, 09 Jul 2015 11:45:04 GMT

    [ https://issues.apache.org/jira/browse/BUILDS-85?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14620271#comment-14620271
] 

Dennis Lundberg edited comment on BUILDS-85 at 7/9/15 11:44 AM:
----------------------------------------------------------------

Java 6 does not support any ECDHE ciphers. It does support a couple of DHE ciphers, but these
are deemed insecure due to [Logjam|https://weakdh.org/].
Source: [Security/Server Side TLS - MozillaWiki|https://wiki.mozilla.org/Security/Server_Side_TLS#Forward_Secrecy]
under the section "DHE and ECDHE support".

The investigations I've done indicates that the most secure cipher you can use on Java 6 is
TLS_RSA_WITH_AES_128_CBC_SHA. If INFRA considers this to be secure enough it would be great
if that cipher could be enabled in the SSL proxy.

However it also depends on the parameter size used for Diffie-Hellman. Java 6 only supports
up to 1024 bits.
Source: [Security/Server Side TLS - MozillaWiki|https://wiki.mozilla.org/Security/Server_Side_TLS#Forward_Secrecy]
under the section "DHE and Java".



was (Author: dennisl@apache.org):
Java 6 does not support any ECDHE ciphers. It does support a couple of DHE ciphers, but these
are deemed insecure due to [Logjam|https://weakdh.org/].

The investigations I've done indicates that the most secure cipher you can use on Java 6 is
TLS_RSA_WITH_AES_128_CBC_SHA. If INFRA considers this to be secure enough it would be great
if that cipher could be enabled in the SSL proxy.

However it also depends on the parameter size used for Diffie-Hellman. Java 6 only supports
up to 1024 bits.

> Could not generate DH keypair / peer not authenticated 
> -------------------------------------------------------
>
>                 Key: BUILDS-85
>                 URL: https://issues.apache.org/jira/browse/BUILDS-85
>             Project: Infra Build Platform
>          Issue Type: Bug
>          Components: Jenkins
>            Reporter: Andreas Lehmkühler
>            Assignee: Geoffrey Corey
>
> We're getting this since june 10th:
> [INFO] --- maven-deploy-plugin:2.6:deploy (default-deploy) @ pdfbox-parent ---
> Downloading:https://repository.apache.org/content/repositories/snapshots/org/apache/pdfbox/pdfbox-parent/1.8.10-SNAPSHOT/maven-metadata.xml
> [WARNING] Could not transfer metadata org.apache.pdfbox:pdfbox-parent:1.8.10-SNAPSHOT/maven-metadata.xml
from/to apache.snapshots.https (https://repository.apache.org/content/repositories/snapshots):
Error transferring file: java.lang.RuntimeException: Could not generate DH keypair
> and this:
> [INFO] --- maven-deploy-plugin:2.8.2:deploy (default-deploy) @ pdfbox-parent ---
> Downloading:https://repository.apache.org/content/repositories/snapshots/org/apache/pdfbox/pdfbox-parent/2.0.0-SNAPSHOT/maven-metadata.xml
> [WARNING] Could not transfer metadata org.apache.pdfbox:pdfbox-parent:2.0.0-SNAPSHOT/maven-metadata.xml
from/to apache.snapshots.https (https://repository.apache.org/content/repositories/snapshots):
peer not authenticated
> The issue seems to be jdk related as only those builds using java 1.6.0_37 (unlimited
security) are failing. I've reconfigured the trunk build to use java 7 and everything works
fine, as well as our jdk7 based branch build.
> Any ideas? Maybe a plugin update which doesn't work with java6?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message