java DH 密钥大小必须是 64 的倍数,并且只能在 512 到 2048(含)之间
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/40381968/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
DH key size must be multiple of 64, and can only range from 512 to 2048 (inclusive)
提问by Nishant Kansal
I have a set-up in which I am executing a build from Jenkins on a Solaris Server connecting via sshexectask in ANT.
我有一个建立在我在Solaris服务器通过连接执行从詹金斯构建sshexec的任务ANT。
On trigerring the build, it is throwing below error:
在触发构建时,它抛出以下错误:
com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidAlgorithmParameterException: DH key size must be multiple of 64, and can only range from 512 to 2048 (inclusive). The specific key size 2047 is not supported.
com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidAlgorithmParameterException: DH 密钥大小必须是 64 的倍数,并且范围只能从 512 到 2048(含)。不支持特定的密钥大小 2047。
After some google search, I came to know that it might be fixed by updating to Java 8. I did that, however, still no success.
在谷歌搜索之后,我开始知道它可能会通过更新到 Java 8 来修复。然而,我这样做了,但是,仍然没有成功。
Can anyone please let me know how to fix it?
任何人都可以让我知道如何解决它?
回答by Brian Low
Our fix:
我们的修复:
Security.insertProviderAt(new BouncyCastleProvider(), 1)
we were using Jsch 0.1.54 directly to connect to an SFT server and saw:
我们直接使用 Jsch 0.1.54 连接到 SFT 服务器并看到:
java.security.InvalidAlgorithmParameterException: DH key size must be multiple of 64, and can only range from 512 to 4096 (inclusive). The specific key size 2047 is not supported
java.security.InvalidAlgorithmParameterException: DH 密钥大小必须是 64 的倍数,并且范围只能从 512 到 4096(含)。不支持特定的密钥大小 2047
possibly related
可能相关
回答by ravbarKomanda
The JSch library (used by Jenkins or one of it's plugins) makes use of Java's JCE provider. It appears the JCE provider of your Java version can't handle the key length of 2047 bits.
JSch 库(由 Jenkins 或其插件之一使用)利用 Java 的 JCE 提供程序。您的 Java 版本的 JCE 提供程序似乎无法处理 2047 位的密钥长度。
You can swap your current JCE provider with a BouncyCastleprovider.
您可以将您当前的 JCE 提供程序与BouncyCastle提供程序交换。
While @Brian Low's workaround describes a dynamic registration of BouncyCastle as the cryptography package provider, I'd like to point out an alternative way where it's done by configuring your environment via static registration.
虽然@Brian Low的解决方法描述了将 BouncyCastle 动态注册为加密包提供程序,但我想指出一种替代方法,通过静态注册配置您的环境。
- Download BouncyCastle provider from bouncycastle.org
- 从下载BouncyCastle的提供商bouncycastle.org
Look for the "Signed JAR Files" section and select your provider. For example, bcprov-jdk15to18-165.jar, for any Java version between 5 and 8.
查找“签名 JAR 文件”部分并选择您的提供商。例如,bcprov-jdk15to18-165.jar,适用于 5 到 8 之间的任何 Java 版本。
- In Jenkins go to Manage Jenkins - Global Tool Configurations - JDK to verify your JDK location (JAVA_HOME).
- Copy the JAR file to $JAVA_HOME/jre/lib/ext
- Locate and edit $JAVA_HOME/jre/lib/security/java.security
- 在 Jenkins 中,转到 Manage Jenkins - Global Tool Configurations - JDK 以验证您的 JDK 位置 (JAVA_HOME)。
- 将 JAR 文件复制到 $JAVA_HOME/jre/lib/ext
- 找到并编辑 $JAVA_HOME/jre/lib/security/java.security
Here we insert the BouncyCastle provider at the first position (most prefered) and update the others' preference number.
在这里,我们在第一个位置(最喜欢的)插入 BouncyCastle 提供者并更新其他人的偏好编号。
Example:
例子:
#
# List of providers and their preference orders (see above):
#
security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
security.provider.11=sun.security.mscapi.SunMSCAPI
At this point restart Jenkins.
此时重启詹金斯。
