  1. OpenShift Java Client
  2. OSJC-125

Allow users to remove DHE ciphers

Details

    • Feature Request
    • Resolution: Done
    • Major
    • 2.6.2
    • 2.6.1
    • core
    • None

    Description

      The upcoming RHEL 6.6 is set to use (in SSL) DHE ciphers with keys > 1024 bits. JDKs < 1.8 do not support DHE cipher keys > 1024 bits. So when the httpd in RHEL 6.6 chooses to use a DHE cipher (since the Java client offered it) and is using keys > 1024 bits, the Java client breaks and cannot communicate with it. Java throws exceptions like these:

      java.io.IOException: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
              at hudson.plugins.openshift.OpenShiftCloud.getOpenShiftConnection(OpenShiftCloud.java:186)
              at hudson.plugins.openshift.OpenShiftCloud.getSlaves(OpenShiftCloud.java:877)
              at hudson.plugins.openshift.OpenShiftCloud.provisionSlave(OpenShiftCloud.java:451)
              at hudson.plugins.openshift.OpenShiftCloud.provision(OpenShiftCloud.java:413)
              at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:281)
              at hudson.slaves.NodeProvisioner.access$000(NodeProvisioner.java:51)
              at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:368)
              at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:54)
              at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
              at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
              at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
              at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
              at java.lang.Thread.run(Thread.java:745)
      Caused by: com.openshift.client.OpenShiftEndpointException: Could not request https://broker.ose21z-auto.com.cn/broker/rest/api: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
      

      The solution is to remove DHE ciphers from the list of supported ciphers that Java is sending to the user (as discussed in JBIDE-18454).

            People

              adietish@redhat.com André Dietisheim