Thank you! The issue was caused by my using the older Karaf script, which set up JAVA_OPTS incorrectly. By updating the script from Karaf, the issue is solved.

From: Freeman Fang [mailto:[email protected]]
Sent: Thursday, December 06, 2012 2:55 PM
To: [email protected]
Subject: Re: Enable HTTPS got "Could not generate DH keypair"

Did you follow the document there exactly? Especially as you use sunjce_provider.jar, you should have

org.apache.karaf.security.providers = com.sun.crypto.provider.SunJCE

in $KARAF_HOME/etc/config.properties. Take a look at the related discussion [1] to get more details.

[1] http://fusesource.com/forums/thread.jspa?messageID=15560

-------------
Freeman(Yue) Fang
Red Hat, Inc.
FuseSource is now part of Red Hat
Web: http://fusesource.com | http://www.redhat.com/
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: http://weibo.com/u/1473905042

On 2012-12-6, at 2:36 PM, Guofeng Zhang wrote:

It does not work. I got:

java.lang.RuntimeException: java.security.NoSuchAlgorithmException: SunTlsMasterSecret KeyGenerator not available

From: Freeman Fang [mailto:[email protected]]
Sent: Thursday, December 06, 2012 12:58 PM
To: [email protected]
Subject: Re: Enable HTTPS got "Could not generate DH keypair"

Hi,

In some cases you need to specify the security provider to Karaf; take a look at [1] to get more details, the "Deploying Security Providers" chapter.

[1] http://karaf.apache.org/manual/latest-2.3.x/users-guide/security.html

-------------
Freeman(Yue) Fang

On 2012-12-6, at 12:43 PM, Guofeng Zhang wrote:

Hi,

I tried to deploy Jetty SPDY on Karaf-3.0.0-SNAPSHOT, so I have to enable HTTPS. But I got the following error. By copying sunjce_provider.jar from JRE 7 to lib/ext (hint from http://www.jroller.com/robertburrelldonkin/entry/james_imaps), this issue is solved and HTTPS works well.

But I do not think it is the right way to duplicate it there. So what causes the issue (Jetty misses importing something)? Or do I not configure something required on Karaf? I use the latest 3.0.0 SNAPSHOT.

Thanks.

Guofeng

java.lang.RuntimeException: Could not generate DH keypair
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1383)[:1.7.0_09]
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:517)[:1.7.0_09]
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:794)[:1.7.0_09]
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:762)[:1.7.0_09]
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)[:1.7.0_09]
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:489)[88:org.eclipse.jetty.io:9.0.0.M3]
    at org.eclipse.jetty.spdy.server.NextProtoNegoServerConnection.fill(NextProtoNegoServerConnection.java:99)[108:org.eclipse.jetty.spdy.server:9.0.0.M3]
    at org.eclipse.jetty.spdy.server.NextProtoNegoServerConnection.onFillable(NextProtoNegoServerConnection.java:67)[108:org.eclipse.jetty.spdy.server:9.0.0.M3]
    at org.eclipse.jetty.io.AbstractConnection$1.onCompleted(AbstractConnection.java:80)[88:org.eclipse.jetty.io:9.0.0.M3]
    at org.eclipse.jetty.io.AbstractConnection$1.onCompleted(AbstractConnection.java:63)[88:org.eclipse.jetty.io:9.0.0.M3]
    at org.eclipse.jetty.util.ExecutorCallback$1.run(ExecutorCallback.java:32)[98:org.eclipse.jetty.util:9.0.0.M3]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:597)[98:org.eclipse.jetty.util:9.0.0.M3]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:528)[98:org.eclipse.jetty.util:9.0.0.M3]
    at java.lang.Thread.run(Thread.java:722)[:1.7.0_09]
Caused by: java.lang.RuntimeException: Could not generate DH keypair
    at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:100)[:1.7.0_09]
    at sun.security.ssl.ServerHandshaker.setupEphemeralDHKeys(ServerHandshaker.java:1263)[:1.7.0_09]
    at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1125)[:1.7.0_09]
    at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:970)[:1.7.0_09]
    at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:663)[:1.7.0_09]
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:200)[:1.7.0_09]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:882)[:1.7.0_09]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:822)[:1.7.0_09]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:820)[:1.7.0_09]
    at java.security.AccessController.doPrivileged(Native Method)[:1.7.0_09]
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1323)[:1.7.0_09]
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:548)[88:org.eclipse.jetty.io:9.0.0.M3]
    ... 8 more
Caused by: java.security.NoSuchAlgorithmException: DiffieHellman KeyPairGenerator not available
    at java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:207)[:1.7.0_09]
    at sun.security.ssl.JsseJce.getKeyPairGenerator(JsseJce.java:276)[:1.7.0_09]
    at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:91)[:1.7.0_09]
    ... 19 more
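
A diagnostic for the two errors quoted in this thread, added here as an example (it is not code from the thread or from Karaf). It reports which registered JCE providers offer the DiffieHellman KeyPairGenerator and the SunTlsMasterSecret KeyGenerator, and prints java.ext.dirs, since JRE 7 ships sunjce_provider.jar in its lib/ext directory. The class name JceProviderCheck is hypothetical, and the check assumes it is run with the same JVM and JAVA_OPTS that the Karaf start script uses.

```java
import java.security.Provider;
import java.security.Security;

public class JceProviderCheck {
    // Service filters for the two algorithms named in the errors in this thread.
    static final String[] FILTERS = {
        "KeyPairGenerator.DiffieHellman",
        "KeyGenerator.SunTlsMasterSecret"
    };

    /** Names of the registered providers offering the service; empty if none. */
    static String providersFor(String filter) {
        Provider[] found = Security.getProviders(filter); // null when nothing matches
        if (found == null) {
            return "";
        }
        StringBuilder names = new StringBuilder();
        for (Provider p : found) {
            if (names.length() > 0) {
                names.append(", ");
            }
            names.append(p.getName());
        }
        return names.toString();
    }

    public static void main(String[] args) {
        System.out.println("java.version  = " + System.getProperty("java.version"));
        // If JAVA_OPTS overrides this, the JRE's own lib/ext may be left out.
        System.out.println("java.ext.dirs = " + System.getProperty("java.ext.dirs"));

        System.out.println("Registered providers, in preference order:");
        for (Provider p : Security.getProviders()) {
            System.out.println("  " + p.getName() + " - " + p.getInfo());
        }

        boolean allAvailable = true;
        for (String filter : FILTERS) {
            String names = providersFor(filter);
            if (names.isEmpty()) {
                allAvailable = false;
                System.out.println("MISSING   " + filter);
            } else {
                System.out.println("available " + filter + " from " + names);
            }
        }
        // Non-zero exit lets a start-script check fail fast before Jetty does.
        System.exit(allAvailable ? 0 : 1);
    }
}
```

If both services are reported as MISSING, the JVM itself cannot load SunJCE, which points at the launch options rather than at Jetty or at the org.apache.karaf.security.providers setting.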
