HTTP status 503 and java.lang.RuntimeException: java.security.KeyException for HTTPS target in OPDK


On OPDK installations running on Amazon instances, calls to an HTTPS target fail with HTTP status code 503 and the following exception:

Caused by: java.lang.RuntimeException: java.security.KeyException
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1429) ~[na:1.8.0_101]
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[na:1.8.0_101]
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) ~[na:1.8.0_101]
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[na:1.8.0_101]
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.8.0_101]
    at com.apigee.nio.SSLTransport.processUnwrap(SSLTransport.java:262) ~[nio-1.0.0.jar:na]
    at com.apigee.nio.SSLTransport.run(SSLTransport.java:142) ~[nio-1.0.0.jar:na]
    at com.apigee.nio.SSLTransport.process(SSLTransport.java:488) ~[nio-1.0.0.jar:na]
    at com.apigee.nio.ClientChannel.process(ClientChannel.java:263) ~[nio-1.0.0.jar:na]

In the trace, the following error is returned:

{"fault": {"faultstring": "The Service is temporarily unavailable","detail": {"errorcode": "messaging.adaptors.http.flow.ServiceUnavailable"}}}

This happens on OPDK instances launched on the Amazon cloud with Java 1.8.0_101-b13.

To fix this, add the following property to /usr/lib/jvm/jre/lib/security/java.security:

jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, EC, ECDHE, ECDH

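This fixes the java.security.KeyException and allows HTTPS calls. Listing EC, ECDHE and ECDH in jdk.tls.disabledAlgorithms turns off elliptic-curve algorithms for TLS in every JVM that uses this JRE, so handshakes are negotiated with the remaining non-EC cipher suites.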

On some installations, ECDHE and ECDH are already present in this property, in which case HTTPS calls already work.
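
To check whether a given java.security file already carries these entries, the following added example (not part of the original article or of any Apigee tooling) reads the effective jdk.tls.disabledAlgorithms value, joining backslash-continued lines, and lists which of EC, ECDHE and ECDH are missing. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print the effective value of property $2 in file $1: comments are skipped,
# backslash-continued lines are joined, and the last definition wins.
effective_property() {
  awk -v key="$2" '
    /^[ \t]*[#!]/ { next }
    {
      line = $0
      while (line ~ /\\$/ && (getline nxt) > 0) {
        sub(/\\$/, "", line); sub(/^[ \t]+/, "", nxt); line = line nxt
      }
      sub(/^[ \t]+/, "", line)
      if (index(line, key) == 1) {
        rest = substr(line, length(key) + 1)
        if (rest ~ /^[ \t]*[=:]/) { sub(/^[ \t]*[=:][ \t]*/, "", rest); val = rest }
      }
    }
    END { print val }' "$1"
}

# Print which of EC, ECDHE, ECDH are absent from jdk.tls.disabledAlgorithms
# in file $1 (empty output means all three are listed).
missing_ec_entries() {
  value=$(effective_property "$1" jdk.tls.disabledAlgorithms)
  missing=""
  for want in EC ECDHE ECDH; do
    # Compare whole comma-separated entries so ECDHE does not count as EC.
    if ! printf '%s\n' "$value" | tr ',' '\n' |
         sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fqx "$want"; then
      missing="$missing $want"
    fi
  done
  printf '%s\n' "${missing# }"
}

# Constructed sample file: the property is split across two lines and lacks EC.
sample=$(mktemp)
cat >"$sample" <<'EOF'
# constructed sample, not taken from a real install
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, \
    DH keySize < 768, ECDHE, ECDH
EOF
echo "missing from sample: $(missing_ec_entries "$sample")"
rm -f "$sample"
# On a real node: missing_ec_entries /usr/lib/jvm/jre/lib/security/java.security
```
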

Version history
Last update: 10-05-2016 03:42 AM