Java 1.6 Could not generate DH keypair

I'm trying to support Java 1.6 for Mac Users, mainly me really right now. I was happily coding my plugin with Java 1.8 and running the plugin through the IDE and everything was fine. However, I realized after trying to install my plugin in my Ultimate edition that I actually use Java 1.6 for the smoother font rendering with better aliasing. Once I did that I started getting the following error from trying to make a connection using apache http commons. Has anyone else had to deal with this? I did some reading and this was a bug that was fixed in an update in Java 1.7 which was why it didn't affect java 1.8. I know this is not necessary directly an intellij Plugin question, but I'm hoping someone else has had experience with this before.

SSLException: java.lang.RuntimeException: Could not generate DH keypair

java.lang.RuntimeException: Could not generate DH keypair
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1708)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1691)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1222)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
     at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290)
     at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259)
     at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125)
     at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319)
     at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
     at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
     at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
     at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
     at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
     at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
     at com.demandware.studio.DWServerConnection$RequestThread.run(DWServerConnection.java:82)
     at com.intellij.openapi.application.impl.ApplicationImpl$8.run(ApplicationImpl.java:400)
     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:439)
     at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
     at java.util.concurrent.FutureTask.run(FutureTask.java:138)
     at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
     at java.lang.Thread.run(Thread.java:695)
     at org.jetbrains.ide.PooledThreadExecutor$1$1.run(PooledThreadExecutor.java:56)
Caused by: java.lang.RuntimeException: Could not generate DH keypair
     at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:114)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:559)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:186)
     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
     ... 21 more
Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
     at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DashoA13*..)
     at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:627)
     at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:107)
     ... 28 more

4 comments
Comment actions Permalink

I wasn't able to resolve this issue. It seems to be a problem with the Java 1.6 JDK Security strength policies which are set to a hard limit by default. The solution is to install Unlimited Policies on the JRE that is running the program. Even when I did this I couldn't get it to work so I've given up trying to fix the issue. Instead I'm now requiring JDK 8 since this issue is fixed there.

This brings me to another question.

Can I dynamically load pieces of a plugin based on the current JDK? Essentially making some functionality unavailable unless they are running the minimum specified JDK?

0
Comment actions Permalink

You can use SystemProperties.getJavaVersion() to check the version of the JVM that the user is running, and simply hide or disable features of your plugin if the JVM doesn't meet your requirements.

0
Comment actions Permalink

That sounds easy enough. Is there a way to not even register the component in the plugin.xml based on the currenet SDK? Just curious. I can always run return from my component as you said using the SystemProperties.getJavaVersion().

Thanks!

0
Comment actions Permalink

No, there's no way to make a registration in plugin.xml dependent on the Java version.


0

Please sign in to leave a comment.