java +https

Version 1
    This document was generated from CDN thread

    Created by: George Goglidze Berdzenishvili on 06-06-2012 05:57:52 PM
    Hi all,
     
    I'm trying to follow the example provided by Cisco, to execute AXL in Java.
    but when I try to build the connection:
    reply = con.call(requestMessage, getUrlEndpoint());
     
    it throws the following exception:
    Could not generate DH keypair
    Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
     
    looks like this is a known issue: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6521495
     
    is there workaround for this using same sun security libraries? and NOT using bouncycastle libraries?
     
    Thanks,

    Subject: Re: New Message from George Goglidze Berdzenishvili in Administration XML (
    Replied by: Carlos Sanz on 06-06-2012 05:59:13 PM
    Hola, hasta el día 25-Junio estaré fuera de oficina y no tendré acceso
    al correo. Por asuntos urgentes por favor contactad con el
    comunicacionesunificadas@acuntia.es

    Hello, until day 25-Jun I will not  have access to the mail. For
    urgent issues please contact with comunicacionesunificadas@acuntia.es

    --
    Un Saludo,

    Carlos Sanz
    Dpto Proyectos y Consultoría.
    Área de Comunicaciones Unificadas & Colaboración.

    Dirección:       Valle de la Fuenfría 3,
                            28034 Madrid España
    Teléfono:        +34 91 456 00 08
    Móvil:              +34 618 18 55 02
    E-Mail:            carlos.sanz@acuntia.es <Lcarlos.sanz@acuntia.es>
    Web:               http://www.acuntia.es

    --


    P Antes de imprimir este mensaje, por favor, compruebe que es necesario. Proteger
    el medio ambiente está también en su mano *.*ü

    **** DISCLAIMER****
    Este e-mail contiene información confidencial, el contenido de la misma se
    encuentra protegido por Ley. Cualquier persona distinta a su destinataria
    tiene prohibida su reproducción, uso, divulgación o impresión total o
    parcial. Si ha recibido este mensaje por error, notifíquelo de inmediato al
    remitente borrando el mensaje original juntamente con sus ficheros anexos.
    Gracias

    This e-mail contains confidencial information protected by Law. It is
    prohibited to reproduce, use, disclose and totally or partially print the
    content of this e-mail to any person other than intended recipient. If you
    have received this message by mistake, please notify immediately the sender
    and delete the original message jointly with all attached files. Thank you.

    Subject: RE: java +https
    Replied by: George Goglidze Berdzenishvili on 07-06-2012 12:52:16 PM
    Hi,

    Is anybody at all using this method?
    can anyone at least tell me if I'm barking up the wrong tree??? I've spend 2 days trying to solve this.
    I even tried to use bouncy castle libraries.
    but then it has it's own bugs, and eventually does not work anyway.

    has anyone been able to use this example provided by cisco on CUCM 8???

    thanks,

    Subject: RE: java +https
    Replied by: Chikeobi Njaka on 07-06-2012 09:01:20 PM
    Hi,

    Is anybody at all using this method?
    can anyone at least tell me if I'm barking up the wrong tree??? I've spend 2 days trying to solve this.
    I even tried to use bouncy castle libraries.
    but then it has it's own bugs, and eventually does not work anyway.

    has anyone been able to use this example provided by cisco on CUCM 8???

    thanks,

    Hi George,
    I too am waiting for an answer, especially from the Cisco folks. I had a strange situation where thisdoes not appear across the board on all CUCM installs (8.5+). I have only seen it on one install. As such, it smells like a configuration (CUCM install) thing. 

    Subject: RE: java +https
    Replied by: George Goglidze Berdzenishvili on 09-06-2012 07:32:07 PM


    Hi,

    Is anybody at all using this method?
    can anyone at least tell me if I'm barking up the wrong tree??? I've spend 2 days trying to solve this.
    I even tried to use bouncy castle libraries.
    but then it has it's own bugs, and eventually does not work anyway.

    has anyone been able to use this example provided by cisco on CUCM 8???

    thanks,


    Hi George,
    I too am waiting for an answer, especially from the Cisco folks. I had a strange situation where thisdoes not appear across the board on all CUCM installs (8.5+). I have only seen it on one install. As such, it smells like a configuration (CUCM install) thing. 

     
    Hi thanks for the answer.
    I have an idea about what is going on. and which versions are affected.
     
    the one I have is Restricted version (the one that you can enable mixed mode for security).
    and I guess this version offers better cipher capabilities.
     
    probably unrestricted versions will be ok.
     
    as a workaround I am using bouncy castle libraries now, but then I had array out of boundaris exception, which I had to fix by the following work around:
     
            socket = (SSLSocket) sf.createSocket(host, Integer.parseInt(this.port));
          
            List<String> limited = new LinkedList<String>();
            for(String suite : ((SSLSocket)socket).getEnabledCipherSuites())
            {
                if(!suite.contains("_DHE_"))
                {
                    limited.add(suite);
                }
            }
            ((SSLSocket)socket).setEnabledCipherSuites(limited.toArray( new String[limited.size()] ));
     
    I do hope this saves someone few days of headaches!
     
    Regards,