For OPDK installs on amazon instances we will get below exception and Http status code 503.
Caused by: java.lang.RuntimeException: java.security.KeyException at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1429) ~[na:1.8.0_101] at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[na:1.8.0_101] at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) ~[na:1.8.0_101] at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[na:1.8.0_101] at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.8.0_101] at com.apigee.nio.SSLTransport.processUnwrap(SSLTransport.java:262) ~[nio-1.0.0.jar:na] at com.apigee.nio.SSLTransport.run(SSLTransport.java:142) ~[nio-1.0.0.jar:na] at com.apigee.nio.SSLTransport.process(SSLTransport.java:488) ~[nio-1.0.0.jar:na] at com.apigee.nio.ClientChannel.process(ClientChannel.java:263) ~[nio-1.0.0.jar:na]
In trace we would get below error:
{"fault": {"faultstring": "The Service is temporarily unavailable","detail": {"errorcode": "messaging.adaptors.http.flow.ServiceUnavailable"}}}
This would happen on OPDK instances spawned on Amazon cloud with java 1.8.0_101-b13.
In order to fix this we need to add below property:
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, EC, ECDHE, ECDH
In /usr/lib/jvm/jre/lib/security/java.security
This will fix the java security issue and allow https calls.
At times these algorithms, ECDHE and ECDH are already present which will allow https calls.