This discussion is archived
13 Replies Latest reply: Mar 8, 2012 2:44 PM by 917780 RSS

java.lang.SecurityException: Unsupported keysize or algorithm parameters

917780 Newbie
Currently Being Moderated
Hi I need urgent help, I am getting below exception while loading trusted certificates from the jks keystore files DemoTrust.jks and cacerts using wls server.

java.lang.SecurityException: Unsupported keysize or algorithm parameters
     at javax.crypto.Cipher.init(DashoA12275)
     at com.certicom.tls.provider.Cipher.init(Unknown Source)
     at com.certicom.tls.ciphersuite.SecurityParameters.createWriteCipher(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.changeCipherSpec(Unknown Source)
     at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
     at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
     at com.certicom.tls.record.WriteHandler.write(Unknown Source)
     at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
     at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
     at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:122)
     at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:322)
     at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:29)
     at weblogic.net.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:594)
     at java.net.HttpURLConnection.getHeaderFieldDate(HttpURLConnection.java:343)
     at java.net.URLConnection.getLastModified(URLConnection.java:429)
     at com.cramer.core.framework.serviceimpl.ImageServiceImpl.getURLImage(ImageServiceImpl.java:269)
     at com.cramer.core.framework.serviceimpl.ImageServiceImpl.getImages(ImageServiceImpl.java:224)
     at com.cramer.core.framework.serviceimpl.ImageServiceImpl.getGraphicsCacheData(ImageServiceImpl.java:634)
     at sun.reflect.GeneratedMethodAccessor1067.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:324)
     at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:397)
     at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186)
     at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323)
     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
     at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:453)
     at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
     at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
     at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1072)
     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:465)
     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:28)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
     at com.cramer.core.sso.ApplicationFilter.doFilter(Unknown Source)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
     at com.cramer.core.framework.serviceimpl.ClientAddressFilter.doFilter(ClientAddressFilter.java:62)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6987)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
     at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3892)
     at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2766)
     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)
Pls help , Thanks is Advance !!!
  • 1. Re: java.lang.SecurityException: Unsupported keysize or algorithm parameters
    917780 Newbie
    Currently Being Moderated
    can some one pls reply on this , it is coming on production
  • 2. Re: java.lang.SecurityException: Unsupported keysize or algorithm parameters
    EJP Guru
    Currently Being Moderated
    Maybe you need to install the Unlimited Strength Jurisdiction JCE files?
  • 3. Re: java.lang.SecurityException: Unsupported keysize or algorithm parameters
    917780 Newbie
    Currently Being Moderated
    Tnx , I am using j2sdk1.4.2_17 with Weblogic8.1 and i think you are talking about local_policy.jar and US_export_policy.jar under j2sdk1.4.2_17/jre/lib/security dir. I downloaded the latested j2sdk1.4.2_17 and compare the size for both the but didn’t find the difference in size.

    Let me know any things else I have to look and how I can check that I have any SSL certificate installed on weblogic and I am suspecting that SSL certificate may be expired and that raise this error.

    Thanks
  • 4. Re: java.lang.SecurityException: Unsupported keysize or algorithm parameters
    EJP Guru
    Currently Being Moderated
    I think you are talking about local_policy.jar and US_export_policy.jar under j2sdk1.4.2_17/jre/lib/security.
    I am talking about the versions of those files shipped in the package I mentioned. You have to download the package that matches the JDK and install it as documented.
    I downloaded the latested j2sdk1.4.2_17 and compare the size for both the but didn’t find the difference in size.
    So what? If anything, that proves you don't have the unlimited strength stuff installed. It doesn't come with the JDK.
    Let me know any things else I have to look
    You haven't looked at this one adequately yet. Time to explore that question when this line of enquiry fails.
    I am suspecting that SSL certificate may be expired and that raise this error.
    No. That would not cause the problem.

    Edited by: EJP on 18/02/2012 19:59
  • 5. Re: java.lang.SecurityException: Unsupported keysize or algorithm parameters
    sabre150 Expert
    Currently Being Moderated
    EJP wrote:
    I downloaded the latested j2sdk1.4.2_17 and compare the size for both the but didn’t find the difference in size.
    So what? If anything, that proves you don't have the unlimited strength stuff installed. It doesn't come with the JDK.
    ++

    I have never seen the 'unlimited' jars having the same length as the 'limited' jars and would be very very surprised if they were the same length.
  • 6. Re: java.lang.SecurityException: Unsupported keysize or algorithm parameters
    917780 Newbie
    Currently Being Moderated
    HI
    I tried with replacing the jar with unlimited strength stuff but it didn't work for me , i got "class not found" Exception after that.

    but one point i bring in to notice that i come accross this Error when try to loading trusted certificates

    <Mar 6, 2012 3:26:22 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /appl/bea/wls81sp5/weblogic81/server/lib/DemoTrust.jks.>
    <Mar 6, 2012 3:26:22 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /appl/j2sdk1.4.2_17/jre/lib/security/cacerts.>
    java.lang.SecurityException: Unsupported keysize or algorithm parameters
         at javax.crypto.Cipher.init(DashoA12275)
         at com.certicom.tls.provider.Cipher.init(Unknown Source)
         at com.certicom.tls.ciphersuite.SecurityParameters.createWriteCipher(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.changeCipherSpec(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
         at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:122)
         at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:322)
         at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:29)
         at weblogic.net.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:594)
         at java.net.HttpURLConnection.getHeaderFieldDate(HttpURLConnection.java:343)
         at java.net.URLConnection.getLastModified(URLConnection.java:429)
  • 7. Re: java.lang.SecurityException: Unsupported keysize or algorithm parameters
    EJP Guru
    Currently Being Moderated
    I tried with replacing the jar with unlimited strength stuff but it didn't work for me , i got "class not found" Exception after that.
    So that is the problem you should be trying to solve. Clearly you installed it wrongly. Did you follow the instructions provided?

    The remainder of your post just reiterates the original problem.
  • 8. Re: java.lang.SecurityException: Unsupported keysize or algorithm parameters
    917780 Newbie
    Currently Being Moderated
    Thanks EJP,
    Yes i followed the instructions and the instructions were only the replace the US_export_policy.jar and
    local_policy.jar jars with unlimited strength jars and i did the same.

    let me clear that java version on server is j2sdk1.4.2_17 and i downloaded the unlimited strength jars for version J2SDK, v 1.4.2 using below link

    http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-java-plat-419418.html#7503-jce-1.4.2-oth-JPR.


    Please let me if i doing any wrong here.

    Thanks Again
  • 9. Re: java.lang.SecurityException: Unsupported keysize or algorithm parameters
    sabre150 Expert
    Currently Being Moderated
    Assuming that the ClassNotFoundException is just a configuration problem (Java or application) that is nothing to do with the 'unlimited' jars, were the sizes of those 'unlimited' jar files different between before and after and are you sure you are using the version of Java you think you are? If you are on Windows, have you made sure you have installed the jars in both the JRE and the JDK installation components!
  • 10. Re: java.lang.SecurityException: Unsupported keysize or algorithm parameters
    917780 Newbie
    Currently Being Moderated
    yes there was diffrence in size of jars before and unlimited version. the unlimited jars are bigger on campare.
    Also as I cleared , Java version on server is j2sdk1.4.2_17 and I deployed Unlimited Strength jars of version 1.4.2 using below link

    http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-java-plat-419418.html#7503-jce-1.4.2-oth-JPR

    Hope i am using correct version of unlimited jars for my java version.

    Tnx,
    Kapil
  • 11. Re: java.lang.SecurityException: Unsupported keysize or algorithm parameters
    EJP Guru
    Currently Being Moderated
    Yes i followed the instructions and the instructions were only the replace the US_export_policy.jar and
    local_policy.jar jars with unlimited strength jars and i did the same.
    You need to do it in both the installed JDK and the installed JRE.
  • 12. Re: java.lang.SecurityException: Unsupported keysize or algorithm parameters
    sabre150 Expert
    Currently Being Moderated
    EJP wrote:
    Yes i followed the instructions and the instructions were only the replace the US_export_policy.jar and
    local_policy.jar jars with unlimited strength jars and i did the same.
    You need to do it in both the installed JDK and the installed JRE.
    In my previous post I said "If you are on Windows, have you made sure you have installed the jars in both the JRE and the JDK installation components" but I don't think the OP is reading anything posted here.
  • 13. Re: java.lang.SecurityException: Unsupported keysize or algorithm parameters
    917780 Newbie
    Currently Being Moderated
    i am not on windows machine , I am on solaris machine and having only one instance of each jar file ,which is under /appl/j2sdk1.4.2_17/jre/lib/security dir.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points