I am trying to connect to a "https://" site which supports "TLSv1" protocol and the following cipher suites,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 4096 bits
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 4096 bits
using Apache's httpclient (Java platform - JDK 1.7)
Its working fine in JDK1.8 (which has support for Cipher suites with DH parameters > 1024 bits)
But its failing in JDK 1.7 with the following exception,
main, handling exception: java.lang.ArrayIndexOutOfBoundsException: 64
%% Invalidated: [Session-1, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
main, SEND TLSv1 ALERT: fatal, description = internal_error
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 50 ......P
main, called closeSocket()
main, IOException in getSession(): javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: 64
As suggested in the workaround here,
http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6521495, I used tried using Bouncy Castle Provider but still getting the same exception.
Any help would be great. Thanks.
The issue is, you are using 2048 DH key with TLS v1 while its compatible with TLS v1.2, So you can resolve it by three ways:
1) Upgrade your JDK version to 1.8
2) Disable all DHE ciphers from server
3) Use 1048 DH key on server
for more details, see here