3

I get the error below when trying to invoke an HTTPS REST service:

    Caused by: java.security.ProviderException: Could not derive key
    sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:133)
    sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:163)
    javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:648)
    sun.security.ssl.ECDHCrypt.getAgreedSecret(ECDHCrypt.java:101)
    sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1067)
    sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
    sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    ... 36 more
    Caused by: java.security.InvalidAlgorithmParameterException
    sun.security.ec.ECDHKeyAgreement.deriveKey(Native Method)
    sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:130)
    ... 46 more
    java.security.ProviderException: Could not derive key

Interestingly enough, if I execute the same code as a standalone using Java 1.8, it works fine.

The issue starts happening after I deploy the code inside Wildfly 9. Wildfly 9 is running on Java 1.8, exactly the same as the working standalone version. So, I don't think it's a Java issue, more of a Wildfly issue.

I tried comparing -Djavax.net.debug=all output on both standalone and Wildfly. Below is a snippet from the Wildfly-deployed code.

    13:35:26,100 INFO  [stdout] (default task-2) *** ECDHClientKeyExchange
    13:35:26,104 INFO  [stdout] (default task-2) ECDH Public value:  { 4, 43, 99, 163, 253, 189, 137, 10, 221, 205, 19, 183, 173, 128, 171, 32, 35, 249, 144, 154, 197, 102, 78, 161, 23, 240, 209, 125, 129, 106, 224, 33, 219, 6, 207, 105, 238, 187, 181, 124, 194, 13, 0, 223, 88, 212, 101, 163, 19, 119, 41, 100, 36, 79, 235, 57, 65, 112, 71, 194, 43, 36, 244, 78, 174 }
    13:35:26,104 INFO  [stdout] (default task-2) [write] MD5 and SHA1 hashes:  len = 70
    13:35:26,106 INFO  [stdout] (default task-2) 0000: 10 00 00 42 41 04 2B 63   A3 FD BD 89 0A DD CD 13  ...BA.+c........
    13:35:26,108 INFO  [stdout] (default task-2) 0010: B7 AD 80 AB 20 23 F9 90   9A C5 66 4E A1 17 F0 D1  .... #....fN....
    13:35:26,110 INFO  [stdout] (default task-2) 0020: 7D 81 6A E0 21 DB 06 CF   69 EE BB B5 7C C2 0D 00  ..j.!...i.......
    13:35:26,111 INFO  [stdout] (default task-2) 0030: DF 58 D4 65 A3 13 77 29   64 24 4F EB 39 41 70 47  .X.e..w)d$O.9ApG
    13:35:26,112 INFO  [stdout] (default task-2) 0040: C2 2B 24 F4 4E AE                                  .+$.N.
    13:35:26,113 INFO  [stdout] (default task-2) default task-2, WRITE: TLSv1 Handshake, length = 70
    13:35:26,113 INFO  [stdout] (default task-2) [Raw write]: length = 75
    13:35:26,115 INFO  [stdout] (default task-2) 0000: 16 03 01 00 46 10 00 00   42 41 04 2B 63 A3 FD BD  ....F...BA.+c...
    13:35:26,116 INFO  [stdout] (default task-2) 0010: 89 0A DD CD 13 B7 AD 80   AB 20 23 F9 90 9A C5 66  ......... #....f
    13:35:26,118 INFO  [stdout] (default task-2) 0020: 4E A1 17 F0 D1 7D 81 6A   E0 21 DB 06 CF 69 EE BB  N......j.!...i..
    13:35:26,120 INFO  [stdout] (default task-2) 0030: B5 7C C2 0D 00 DF 58 D4   65 A3 13 77 29 64 24 4F  ......X.e..w)d$O
    13:35:26,121 INFO  [stdout] (default task-2) 0040: EB 39 41 70 47 C2 2B 24   F4 4E AE                 .9ApG.+$.N.
    13:35:26,138 INFO  [stdout] (default task-2) default task-2, handling exception: java.security.ProviderException: Could not derive key
    13:35:26,138 INFO  [stdout] (default task-2) %% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
    13:35:26,139 INFO  [stdout] (default task-2) default task-2, SEND TLSv1 ALERT:  fatal, description = internal_error
    13:35:26,139 INFO  [stdout] (default task-2) default task-2, WRITE: TLSv1 Alert, length = 2
    13:35:26,139 INFO  [stdout] (default task-2) [Raw write]: length = 7
    13:35:26,141 INFO  [stdout] (default task-2) 0000: 15 03 01 00 02 02 50                               ......P
    13:35:26,141 INFO  [stdout] (default task-2) default task-2, called closeSocket()
    13:35:26,141 INFO  [stdout] (default task-2) default task-2, called close()
    13:35:26,141 INFO  [stdout] (default task-2) default task-2, called closeInternal(true)
    13:35:26,142 ERROR [stderr] (default task-2) javax.net.ssl.SSLException: java.security.ProviderException: Could not derive key

I have tried applying all the fixes mentioned online, but the problem still persists. Any pointers / help will be much appreciated. Thanks.

Deepak Chaudhary

2 Answers

2

After much diagnosis, I was able to fix this.

In my current environment, I was running ColdFusion on top of Wildfly 9. The code above was invoked from inside ColdFusion pages. I found that ColdFusion's default security provider, JsafeJCE, was the issue here. So I removed the "JsafeJCE" provider and the code executed like a charm.

I used the code below to remove JsafeJCE:

    <!--- Remove the JsafeJCE provider from the JVM's security provider list --->
    <cfobject type="Java" class="java.security.Security" name="providerObj">
    <cfscript>providerObj.removeProvider("JsafeJCE");</cfscript>

Summary: it was an issue with the security provider that comes out of the box with the ColdFusion install.

Deepak Chaudhary
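To compare the standalone JVM with the one inside the application server, the following added example (not code from the original posts) lists the registered JCA providers in priority order and runs one ECDH agreement through the default provider selection. The class name `EcdhProviderCheck` and the curve `secp256r1` are assumptions chosen for illustration; run `main` standalone and call `ecdhSelfTest()` from the deployed application, then compare the two outputs.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;

// Hypothetical diagnostic class, not part of WildFly, ColdFusion or the JDK.
public class EcdhProviderCheck {

    // Runs one ECDH exchange through whatever providers the JVM picks by default
    // and reports which provider served each step.
    static String ecdhSelfTest() {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
            kpg.initialize(new ECGenParameterSpec("secp256r1")); // assumed curve
            KeyPair a = kpg.generateKeyPair();
            KeyPair b = kpg.generateKeyPair();

            KeyAgreement ka = KeyAgreement.getInstance("ECDH");
            ka.init(a.getPrivate());
            ka.doPhase(b.getPublic(), true);
            byte[] s1 = ka.generateSecret();

            KeyAgreement kb = KeyAgreement.getInstance("ECDH");
            kb.init(b.getPrivate());
            kb.doPhase(a.getPublic(), true);
            byte[] s2 = kb.generateSecret();

            return "KeyPairGenerator=" + kpg.getProvider().getName()
                 + " KeyAgreement=" + ka.getProvider().getName()
                 + " secretsMatch=" + Arrays.equals(s1, s2);
        } catch (Exception e) { // ProviderException is a RuntimeException
            return "FAILED: " + e;
        }
    }

    public static void main(String[] args) {
        // Position 1 is consulted first by getInstance(algorithm) calls.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println((i + 1) + ". " + providers[i].getName()
                    + " - " + providers[i].getInfo());
        }
        System.out.println(ecdhSelfTest());
    }
}
```

The provider list is JVM-wide, so a provider registered or removed by one deployment (including via `Security.removeProvider`) changes algorithm selection for every application on the same server.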
0

I have also encountered this error once. We tried switching Java versions but it didn't help. It turned out this error was caused by a different project, which was deployed on the same server. Perhaps it had some special SSL configuration enabled.

Dmitry Avgustis