1. God object
    07 Feb 2016
    1. A year ago we had an issue using Git from TeamCity “JSchException: Algorithm negotiation fail” due to diffie-hellman-group-exchange-sha256 wasn’t supported. (see Git connection fails due to unsupported key exchange algorithm on JetBrains issue tracker)

      Today we had a similar issue with using the TeamCity plugin for RubyMine.
      Our TeamCity installation is served through a reverse proxy by an Apache web server. The only common algorithm between Java and our TLS configuration is TLS_DHE_RSA_WITH_AES_128_CBC_SHA.

      Due to Java’s JCE provider having a key size upper limit of 1024, since Java 8 it is 2048, the connection fails because we require at least 4096. In RubyMine you get the Message “Login error: Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive)”.

    2. To fix this on a Debian “Jessie” 8 system with OpenJDK 8 installed follow these steps.

      Install the Bouncy Castle Provider:

      sudo aptitude install libbcprov-java

      Link the JAR in your JRE:

      sudo ln -s /usr/share/java/bcprov.jar /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext/bcprov.jar 

      Modify the configuration /etc/java-8-openjdk/security/java.security

      security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
    1. 1 Responses

      leave a comment
    2. 7ac7dce73f60ab64dabd007a24e11a8b?d=identicon
      Guestfraps writes:
      25 Aug 21:02
      guest test post <a href="http://googlee.te/">bbcode</a> <a href="http://googlee.te/">html</a> http://googlee.te/ simple
    3. Leave a comment: