Updating connection failed client cert
Bouncy Castle Provider restart app using JRE and give it a try Here is my solution (java 1.6), also would be interested why I had to do this: I noticed from the javax.security.debug=ssl, that sometimes the used cipher suite is TLS_DHE_... I guess somewhere in the Sun SSL implementation sometimes it choose package org.example.security; import it is very important to put the bcprov-ext-jdk15on-156in the \ext directory (this cost me about two hours and some hair ;-) then I edited the file C:\jdk6_45\jre\lib\security\java.security (with wordpad not with editor.exe! afterwards the list looked like # # List of providers and their preference orders (see above): # security.provider.1=org.provider.
Invalid Algorithm Parameter Exception: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive), and httpd logs tlsv1 alert internal error (SSL alert number 80) (at Log Level info or higher), you can either rearrange mod_ssl's cipher list with SSLCipher Suite (possibly in conjunction with SSLHonor Cipher Order), or you can use custom DH parameters with a 1024-bit prime, which will always have precedence over any of the built-in DH parameters.
The remainder of this document is a description of all Postfix configuration parameters.
Default values are shown after the parameter name in parentheses, and can be looked up with the "postconf -d" command.
The parameter name must contain only characters from the set [a-z A-Z0-9_].
An undefined parameter value is replaced with the empty value.
Note, however, that the limit was only raised to 2048 bit. Seems a pretty serious problem given the existence of servers which request a larger size! When I use older version, sometimes it works and sometimes it gives above exception.. If its a bug in java, then I guess it should never work? obviously, coldfusion and java jdk 1.6.45 can not manage this.
Java 7 and earlier limit their support for DH prime sizes to a maximum of 1024 bits, however.
Here is code which works given an SSLSocket (before you connect it): 2.4.7, try this: copied from the url: Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.
Bouncy Castle Provider security.provider.2=sun.security.provider.
The Postfix configuration file specifies a very small subset of all the parameters that control the operation of the Postfix mail system.