My Java application was able to connect to the third-party application over an HTTPS (SSL) connection when the endpoint URL had an IP address in it. Now that the IP address has been changed to a hostname, I am getting an “SSL handshake exception”. Apart from this, there were no code updates or any other changes. The only change is that the third party is using a hostname in the endpoint URL instead of an IP address.

Earlier URL: https://10.0.0.1:5368/invoke/Upload.Accept/receiveReply

Present URL: https://service.serviceprovider.com:5368/invoke/Upload.Accept/receiveReply

Any ideas what is causing this and how to fix it?

Please let me know if any more details are required.

Below is the stacktrace of the error:

javax.net.ssl.SSLHandshakeException: Could not generate secret
        at sun.security.ssl.DHCrypt.getAgreedSecret(DHCrypt.java:219)
        at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1056)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
        at com.etsalat.adapter.sadad.PaymentLoadAdapter.run(PaymentLoadAdapter.java:130)
        at java.lang.Thread.run(Thread.java:748)

     Caused by: java.security.NoSuchAlgorithmException: TlsPremasterSecret SecretKeyFactory not available
        at javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:122)
        at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:160)
        at iaik.security.dh.DHKeyAgreement.engineGenerateSecret(Unknown Source)
        at javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:648)
        at sun.security.ssl.DHCrypt.getAgreedSecret(DHCrypt.java:217)
  • You can just change the URL and expect it to work as before. An SSL certificate is issued for a specific URL; if you change the URL you have to issue a new certificate for the new URL and configure your application to use that certificate. Commented May 9, 2017 at 7:41
  • I meant you can't just change... Commented May 9, 2017 at 8:08
  • @OleksandrShpota None of that explains 'can't generate secret'. If the handshake got as far as ServerHelloDone the certificate was accepted. Commented May 9, 2017 at 9:42
  • @OleksandrShpota: I think since the ServerHelloDone was done, it should not be a certificate error. Is there any way to validate the certificate for a particular URL? Commented May 9, 2017 at 12:16
  • @siddharthachakraborty you can run openssl s_client -connect service.serviceprovider.com:5368 -showcerts and check for "subject" section in the output. Commented May 9, 2017 at 13:06

1 Answer

I had the same issue before.

The exception "SecretKeyFactory not available" happens if the digital signature API you are using is not added to the Java SDK your application uses.

To add the API to the Java SDK:

1. Navigate to the lib-signed folder and then copy the API jar file (for example: iaik_jce.jar) to /jre/lib/ext.
2. Navigate to /jre/lib/security and then add the following to java.security:

   security.provider.10=iaik.security.provider.IAIK

Note: If the number '10' is being used by another entry, use the next available number.

For more information refer to: http://docs.oracle.com/cd/E61144_01/English/Install_and_Config/Automatic_Install_and_Config/helpmain.htm?toc.htm?89631.htm
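
A small diagnostic for the failure in the stack trace above, added here as an example and not part of the original question or answer: it lists the registered JCE providers in preference order, then repeats the `KeyAgreement.generateSecret` call with the `TlsPremasterSecret` algorithm name outside of TLS and reports which provider handled it. The class name `ProviderCheck` and the 2048-bit key size are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;

// Added diagnostic example; the class name ProviderCheck is hypothetical.
public class ProviderCheck {
    public static void main(String[] args) throws Exception {
        // Registered providers in preference order (position, name, provider class).
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println((i + 1) + ": " + providers[i].getName()
                    + " (" + providers[i].getClass().getName() + ")");
        }

        // Two DH key pairs over the same parameters, standing in for client and server.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman");
        kpg.initialize(2048); // key size is an assumption, not taken from the page
        KeyPair client = kpg.generateKeyPair();
        kpg.initialize(((DHPublicKey) client.getPublic()).getParams());
        KeyPair server = kpg.generateKeyPair();

        // Same call as in the stack trace: KeyAgreement.generateSecret(String).
        KeyAgreement ka = KeyAgreement.getInstance("DiffieHellman");
        ka.init(client.getPrivate());
        ka.doPhase(server.getPublic(), true);
        System.out.println("DiffieHellman KeyAgreement served by: "
                + ka.getProvider().getName());
        try {
            SecretKey secret = ka.generateSecret("TlsPremasterSecret");
            System.out.println("generateSecret OK, key algorithm: " + secret.getAlgorithm());
        } catch (GeneralSecurityException e) {
            // A NoSuchAlgorithmException here matches the "Caused by" in the handshake failure.
            System.out.println("generateSecret failed: " + e);
        }
    }
}
```

Run it with the same JRE and classpath as the application, so that it sees the same java.security file and the same provider jars.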
