Highlighted

DH handshake issue with web service using ColdFusion 7 and 8 after java 8 update

New Here ,
Apr 14, 2016

Copy link to clipboard

Copied

ColdFusion 7 and 8 are bundled with a variant of JRE1.6.

I have a script which has successfully consumed a web service for years.  Last week, the provider of the web service updated their version of Apache and Java on the server to java 1.8 (or java 8).

I could no longer consume the web service after the web service provider upgrade of Apache and Java and would receive the following DH keypair error each time I try to consume the service:

-----------------

AxisFault

faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException

faultSubcode:

faultString: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair

faultActor:

faultNode:

faultDetail:

{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1554)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1537)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1130)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)

at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)

at org.apache.axis.transport.http.HTTPSender.getSocket(HTT... ''

-----------------

I asked the web service provider why this would stop working and how we can fix it.  They suggested I upgrade to the latest version of Java on my server running ColdFusion.  I did some research and found the problem to be with the amount of memory allocated to the variable containing the encryption key.

The big problem is when I tried to upgrade java on this particular server (Windows Server 2003), the install returned a messaged stating it couldn't run on the older OS and I would need to upgrade my OS in order to install java.

Does anyone have a workaround in ColdFusion 7 or 8 by which you can establish the DH handshake using Java 1.6 on your local server while consuming a web service on a server using Java 1.8?

Hi, frank000000‌,

I know that we've had some serious issues with any Java 7 after update 25.  They turned off a lot of network permissions and other things, as a security measure, that used to be available in versions prior to update 25.  But that was when we were running CF Server 9.

Ever since we upgraded to CF Server 10 (making sure that we got the CF installer that came with Java 8), we've had very few issues relating to Java.

It seems odd, to me, that the host upgrading to 1.8 while your server is at 1.6 would cause any problems.  It very well could be something else.  I'd ask the host provider for documentation outlining exactly how/why their 1.8 could cause interference with your 1.6.

HTH,

^_^

Views

894

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

DH handshake issue with web service using ColdFusion 7 and 8 after java 8 update

New Here ,
Apr 14, 2016

Copy link to clipboard

Copied

ColdFusion 7 and 8 are bundled with a variant of JRE1.6.

I have a script which has successfully consumed a web service for years.  Last week, the provider of the web service updated their version of Apache and Java on the server to java 1.8 (or java 8).

I could no longer consume the web service after the web service provider upgrade of Apache and Java and would receive the following DH keypair error each time I try to consume the service:

-----------------

AxisFault

faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException

faultSubcode:

faultString: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair

faultActor:

faultNode:

faultDetail:

{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1554)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1537)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1130)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)

at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)

at org.apache.axis.transport.http.HTTPSender.getSocket(HTT... ''

-----------------

I asked the web service provider why this would stop working and how we can fix it.  They suggested I upgrade to the latest version of Java on my server running ColdFusion.  I did some research and found the problem to be with the amount of memory allocated to the variable containing the encryption key.

The big problem is when I tried to upgrade java on this particular server (Windows Server 2003), the install returned a messaged stating it couldn't run on the older OS and I would need to upgrade my OS in order to install java.

Does anyone have a workaround in ColdFusion 7 or 8 by which you can establish the DH handshake using Java 1.6 on your local server while consuming a web service on a server using Java 1.8?

Hi, frank000000‌,

I know that we've had some serious issues with any Java 7 after update 25.  They turned off a lot of network permissions and other things, as a security measure, that used to be available in versions prior to update 25.  But that was when we were running CF Server 9.

Ever since we upgraded to CF Server 10 (making sure that we got the CF installer that came with Java 8), we've had very few issues relating to Java.

It seems odd, to me, that the host upgrading to 1.8 while your server is at 1.6 would cause any problems.  It very well could be something else.  I'd ask the host provider for documentation outlining exactly how/why their 1.8 could cause interference with your 1.6.

HTH,

^_^

Views

895

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Apr 14, 2016 0
LEGEND ,
Apr 14, 2016

Copy link to clipboard

Copied

Hi, frank000000‌,

I know that we've had some serious issues with any Java 7 after update 25.  They turned off a lot of network permissions and other things, as a security measure, that used to be available in versions prior to update 25.  But that was when we were running CF Server 9.

Ever since we upgraded to CF Server 10 (making sure that we got the CF installer that came with Java 8), we've had very few issues relating to Java.

It seems odd, to me, that the host upgrading to 1.8 while your server is at 1.6 would cause any problems.  It very well could be something else.  I'd ask the host provider for documentation outlining exactly how/why their 1.8 could cause interference with your 1.6.

HTH,

^_^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 14, 2016 0
New Here ,
Jun 16, 2016

Copy link to clipboard

Copied

Updating ColdFusion fixed the issue.  Thanks.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 16, 2016 0
LEGEND ,
Jun 16, 2016

Copy link to clipboard

Copied

Glad to hear it!  I wish more issues were so easily corrected with just a simple update.  Amiright?    And thank you for marking my answer as correct.  I do appreciate it.

V/r,

^_^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 16, 2016 0