Could not generate DH keypair

# 将事件写入同一集群中的单独审核索引,<debug|internal_elasticsearch|external_elasticsearch|webhook>

searchguard.audit.type: internal_elasticsearch

# searchguard.audit.type: debug

# SearchGuard使用Elasticsearch REST API发送跟踪的事件

searchguard.audit.config.http_endpoints: es.cluster.com:6300,es.cluster.com:6301,es.cluster.com:6302,es.cluster.com:6303,es.cluster.com:6304

# 使用以下设置来控制SSL / TLS

searchguard.audit.config.enable_ssl: false

# 是否使用SSL / TLS。如果在接收群集的REST层上启用SSL / TLS,请将其设置为true。默认值为false。

searchguard.audit.config.verify_hostnames: false

# 是否验证接收集群的SSL / TLS证书的主机名。默认值为true。

searchguard.audit.config.enable_ssl_client_auth: true

# 如果在接收群集上启用了HTTP Basic auth,请使用这些设置指定审核日志模块应使用的用户名和密码

searchguard.audit.config.username: admin

searchguard.audit.config.password: admin

##### 管理员账号配置

searchguard.authcz.admin_dn:

- "CN=admin, OU=client, O=Nn, L=Hz, C=DE"

# Enable or disable node-to-node ssl encryption (default: true)

# `OPTIONAL` or `REQUIRED`

# searchguard.ssl.http.clientauth_mode: REQUIRED

###只使用http basic auth 未强制使用ssl

searchguard.ssl.http.enabled: true

searchguard.ssl.http.keystore_type: JKS

searchguard.ssl.http.keystore_filepath: node-0-keystore.jks

searchguard.ssl.http.keystore_password: asdfasdf

searchguard.ssl.http.truststore_type: JKS

searchguard.ssl.http.truststore_filepath: truststore.jks

searchguard.ssl.http.truststore_password: asdfasdf

searchguard.ssl.http.enable_openssl_if_available: true

searchguard.ssl.http.enabled_protocols:

- "TLSv1"

- "TLSv1.1"

- "TLSv1.2"

###节点下放的是node-*,这里就写哪个

searchguard.ssl.transport.enabled: true

searchguard.ssl.transport.keystore_type: JKS

searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks

searchguard.ssl.transport.keystore_password: asdfasdf

searchguard.ssl.transport.truststore_type: JKS

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password: asdfasdf

searchguard.ssl.transport.enforce_hostname_verification: false

searchguard.ssl.transport.resolve_hostname: false

searchguard.ssl.transport.enable_openssl_if_available: true

searchguard.ssl.transport.enabled_protocols:

- "TLSv1"

- "TLSv1.1"

- "TLSv1.2"

[19:31:45,701][WARN ] org.elasticsearch.com.floragunn.searchguard.ssl.util.SSLCertificateHelper - Certificate chain for alias admin contains a root certificate

[19:31:46,283][WARN ] org.elasticsearch.com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - [Lifeguard] exception caught on transport layer [[id: 0x13310487, /192.168.254.236:53623 => node-3.nuonuo.com/192.168.254.239:6300]], closing connection

java.lang.RuntimeException: Could not generate DH keypair

	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1476)

	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)

	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)

	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)

	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)

	at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1219)

	at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)

	at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)

	at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)

	at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)

	at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

	at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)

	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)

	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)

	at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)

	at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)

	at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)

	at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)

	at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)

	at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)

	at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)

	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

	at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.RuntimeException: Could not generate DH keypair

	at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:142)

	at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:114)

	at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:711)

	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:268)

	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)

	at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)

	at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)

	at java.security.AccessController.doPrivileged(Native Method)

	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)

	at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1393)

	at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1256)

	... 18 more

Caused by: java.security.NoSuchAlgorithmException: DiffieHellman KeyPairGenerator not available

	at java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:218)

	at sun.security.ssl.JsseJce.getKeyPairGenerator(JsseJce.java:260)

	at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:126)

	... 28 more

[19:31:46,284][WARN ] org.elasticsearch.com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - [Lifeguard] exception caught on transport layer [[id: 0x19eb6f17, /192.168.254.236:55627 => node-2.nuonuo.com/192.168.254.238:6300]], closing connection

java.lang.RuntimeException: Could not generate DH keypair

	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1476)

	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)

	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)

	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)

	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)

	at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1219)

	at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)

	at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)

	at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)

	at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)

	at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

	at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)

	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)

	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)

	at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)

	at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)

	at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)

	at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)

	at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)

	at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)

	at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)

	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

	at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.RuntimeException: Could not generate DH keypair

	at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:142)

	at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:114)

	at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:711)

	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:268)

	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)

	at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)

	at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)

	at java.security.AccessController.doPrivileged(Native Method)

	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)

	at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1393)

	at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1256)

	... 18 more

Caused by: java.security.NoSuchAlgorithmException: DiffieHellman KeyPairGenerator not available

	at java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:218)

	at sun.security.ssl.JsseJce.getKeyPairGenerator(JsseJce.java:260)

	at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:126)

	... 28 more

[19:31:46,284][WARN ] org.elasticsearch.com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - [Lifeguard] exception caught on transport layer [[id: 0x535fc958, /192.168.254.236:40431 => node-0.nuonuo.com/192.168.254.236:6300]], closing connection

java.lang.RuntimeException: Could not generate DH keypair

	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1476)

	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)

	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)

	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)

	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)

	at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1219)

	at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)

	at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)

	at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)

	at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)

	at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

	at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)

	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)

	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)

	at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)

	at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)

	at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)

	at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)

	at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)

	at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)

	at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)

	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

	at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.RuntimeException: Could not generate DH keypair

	at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:142)

	at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:114)

	at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:711)

	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:268)

	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)

	at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)

	at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)

	at java.security.AccessController.doPrivileged(Native Method)

	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)

	at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1393)

	at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1256)

	... 18 more

Caused by: java.security.NoSuchAlgorithmException: DiffieHellman KeyPairGenerator not available

	at java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:218)

	at sun.security.ssl.JsseJce.getKeyPairGenerator(JsseJce.java:260)

	at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:126)

	... 28 more

[19:31:46,283][WARN ] org.elasticsearch.com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - [Lifeguard] exception caught on transport layer [[id: 0xab34b088, /192.168.254.236:45461 => node-1.nuonuo.com/192.168.254.237:6300]], closing connection

java.lang.RuntimeException: Could not generate DH keypair

	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1476)

	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)

	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)

	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)

	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)

	at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1219)

	at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)

	at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)

	at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)

	at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)

	at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

	at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)

	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)

	at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)

	at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)

	at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)

	at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)

	at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)

	at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)

	at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)

	at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)

	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

	at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.RuntimeException: Could not generate DH keypair

	at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:142)

	at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:114)

	at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:711)

	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:268)

	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)

	at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)

	at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)

	at java.security.AccessController.doPrivileged(Native Method)

	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)

	at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1393)

	at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1256)

	... 18 more

Caused by: java.security.NoSuchAlgorithmException: DiffieHellman KeyPairGenerator not available

	at java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:218)

	at sun.security.ssl.JsseJce.getKeyPairGenerator(JsseJce.java:260)

	at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:126)

	... 28 more

Exception in thread "main" NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{node-0.nuonuo.com}{192.168.254.236:6300}, {#transport#-2}{node-1.nuonuo.com}{192.168.254.237:6300}, {#transport#-3}{node-2.nuonuo.com}{192.168.254.238:6300}, {#transport#-4}{node-3.nuonuo.com}{192.168.254.239:6300}]]

	at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:326)

	at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:223)

	at org.elasticsearch.client.transport.support.TransportProxyClient.execute(TransportProxyClient.java:55)

	at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:295)

	at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:359)

	at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:86)

	at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:56)

	at Sg.main(Sg.java:58)

use jdk 1.8, openssl 1.0.2l, es 2.4.6

···

On Tuesday, August 22, 2017 at 7:39:27 PM UTC+8, Peng Wu wrote:

# 将事件写入同一集群中的单独审核索引,<debug|internal_elasticsearch|external_elasticsearch|webhook>

searchguard.audit.type: internal_elasticsearch

searchguard.audit.type: debug

SearchGuard使用Elasticsearch REST API发送跟踪的事件

searchguard.audit.config.http_endpoints: es.cluster.com:6300,es.cluster.com:6301,es.cluster.com:6302,es.cluster.com:6303,es.cluster.com:6304

使用以下设置来控制SSL / TLS

searchguard.audit.config.enable_ssl: false

是否使用SSL / TLS。如果在接收群集的REST层上启用SSL / TLS,请将其设置为true。默认值为false。

searchguard.audit.config.verify_hostnames: false

是否验证接收集群的SSL / TLS证书的主机名。默认值为true。

searchguard.audit.config.enable_ssl_client_auth: true

如果在接收群集上启用了HTTP Basic auth,请使用这些设置指定审核日志模块应使用的用户名和密码

searchguard.audit.config.username: admin

searchguard.audit.config.password: admin

管理员账号配置

searchguard.authcz.admin_dn:

  • “CN=admin, OU=client, O=Nn, L=Hz, C=DE”

Enable or disable node-to-node ssl encryption (default: true)

OPTIONAL or REQUIRED

searchguard.ssl.http.clientauth_mode: REQUIRED

###只使用http basic auth 未强制使用ssl

searchguard.ssl.http.enabled: true

searchguard.ssl.http.keystore_type: JKS

searchguard.ssl.http.keystore_filepath: node-0-keystore.jks

searchguard.ssl.http.keystore_password: asdfasdf

searchguard.ssl.http.truststore_type: JKS

searchguard.ssl.http.truststore_filepath: truststore.jks

searchguard.ssl.http.truststore_password: asdfasdf

searchguard.ssl.http.enable_openssl_if_available: true

searchguard.ssl.http.enabled_protocols:

  • “TLSv1”
  • “TLSv1.1”
  • “TLSv1.2”

###节点下放的是node-*,这里就写哪个

searchguard.ssl.transport.enabled: true

searchguard.ssl.transport.keystore_type: JKS

searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks

searchguard.ssl.transport.keystore_password: asdfasdf

searchguard.ssl.transport.truststore_type: JKS

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password: asdfasdf

searchguard.ssl.transport.enforce_hostname_verification: false

searchguard.ssl.transport.resolve_hostname: false

searchguard.ssl.transport.enable_openssl_if_available: true

searchguard.ssl.transport.enabled_protocols:

  • “TLSv1”
  • “TLSv1.1”
  • “TLSv1.2”

[19:31:45,701][WARN ] org.elasticsearch.com.floragunn.searchguard.ssl.util.SSLCertificateHelper - Certificate chain for alias admin contains a root certificate

[19:31:46,283][WARN ] org.elasticsearch.com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - [Lifeguard] exception caught on transport layer [[id: 0x13310487, /192.168.254.236:53623 => [node-3.nuonuo.com/192.168.254.239:6300]](http://node-3.nuonuo.com/192.168.254.239:6300])], closing connection

java.lang.RuntimeException: Could not generate DH keypair

at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1476)

at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)

at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)

at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)

at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)

at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1219)

at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)

at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)

at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)

at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)

at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)

at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)

at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)

at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)

at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)

at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)

at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)

at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)

at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)

at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.RuntimeException: Could not generate DH keypair

at sun.security.ssl.DHCrypt.(DHCrypt.java:142)

at sun.security.ssl.DHCrypt.(DHCrypt.java:114)

at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:711)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:268)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)

at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)

at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)

at java.security.AccessController.doPrivileged(Native Method)

at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)

at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1393)

at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1256)

… 18 more

Caused by: java.security.NoSuchAlgorithmException: DiffieHellman KeyPairGenerator not available

at java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:218)

at sun.security.ssl.JsseJce.getKeyPairGenerator(JsseJce.java:260)

at sun.security.ssl.DHCrypt.(DHCrypt.java:126)

… 28 more

[19:31:46,284][WARN ] org.elasticsearch.com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - [Lifeguard] exception caught on transport layer [[id: 0x19eb6f17, /192.168.254.236:55627 => [node-2.nuonuo.com/192.168.254.238:6300]](http://node-2.nuonuo.com/192.168.254.238:6300])], closing connection

java.lang.RuntimeException: Could not generate DH keypair

at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1476)

at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)

at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)

at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)

at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)

at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1219)

at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)

at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)

at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)

at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)

at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)

at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)

at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)

at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)

at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)

at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)

at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)

at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)

at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)

at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.RuntimeException: Could not generate DH keypair

at sun.security.ssl.DHCrypt.(DHCrypt.java:142)

at sun.security.ssl.DHCrypt.(DHCrypt.java:114)

at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:711)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:268)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)

at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)

at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)

at java.security.AccessController.doPrivileged(Native Method)

at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)

at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1393)

at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1256)

… 18 more

Caused by: java.security.NoSuchAlgorithmException: DiffieHellman KeyPairGenerator not available

at java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:218)

at sun.security.ssl.JsseJce.getKeyPairGenerator(JsseJce.java:260)

at sun.security.ssl.DHCrypt.(DHCrypt.java:126)

… 28 more

[19:31:46,284][WARN ] org.elasticsearch.com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - [Lifeguard] exception caught on transport layer [[id: 0x535fc958, /192.168.254.236:40431 => [node-0.nuonuo.com/192.168.254.236:6300]](http://node-0.nuonuo.com/192.168.254.236:6300])], closing connection

java.lang.RuntimeException: Could not generate DH keypair

at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1476)

at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)

at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)

at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)

at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)

at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1219)

at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)

at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)

at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)

at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)

at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)

at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)

at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)

at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)

at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)

at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)

at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)

at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)

at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)

at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.RuntimeException: Could not generate DH keypair

at sun.security.ssl.DHCrypt.(DHCrypt.java:142)

at sun.security.ssl.DHCrypt.(DHCrypt.java:114)

at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:711)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:268)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)

at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)

at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)

at java.security.AccessController.doPrivileged(Native Method)

at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)

at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1393)

at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1256)

… 18 more

Caused by: java.security.NoSuchAlgorithmException: DiffieHellman KeyPairGenerator not available

at java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:218)

at sun.security.ssl.JsseJce.getKeyPairGenerator(JsseJce.java:260)

at sun.security.ssl.DHCrypt.(DHCrypt.java:126)

… 28 more

[19:31:46,283][WARN ] org.elasticsearch.com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - [Lifeguard] exception caught on transport layer [[id: 0xab34b088, /192.168.254.236:45461 => [node-1.nuonuo.com/192.168.254.237:6300]](http://node-1.nuonuo.com/192.168.254.237:6300])], closing connection

java.lang.RuntimeException: Could not generate DH keypair

at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1476)

at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)

at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)

at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)

at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)

at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1219)

at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)

at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)

at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)

at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)

at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)

at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)

at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)

at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)

at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)

at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)

at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)

at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)

at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)

at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.RuntimeException: Could not generate DH keypair

at sun.security.ssl.DHCrypt.(DHCrypt.java:142)

at sun.security.ssl.DHCrypt.(DHCrypt.java:114)

at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:711)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:268)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)

at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)

at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)

at java.security.AccessController.doPrivileged(Native Method)

at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)

at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1393)

at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1256)

… 18 more

Caused by: java.security.NoSuchAlgorithmException: DiffieHellman KeyPairGenerator not available

at java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:218)

at sun.security.ssl.JsseJce.getKeyPairGenerator(JsseJce.java:260)

at sun.security.ssl.DHCrypt.(DHCrypt.java:126)

… 28 more

Exception in thread “main” NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{node-0.nuonuo.com}{192.168.254.236:6300}, {#transport#-2}{node-1.nuonuo.com}{192.168.254.237:6300}, {#transport#-3}{node-2.nuonuo.com}{192.168.254.238:6300}, {#transport#-4}{node-3.nuonuo.com}{192.168.254.239:6300}]]

at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:326)

at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:223)

at org.elasticsearch.client.transport.support.TransportProxyClient.execute(TransportProxyClient.java:55)

at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:295)

at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:359)

at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:86)

at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:56)

at Sg.main(Sg.java:58)

please install latest Oracle JDK 8u144 (http://www.oracle.com/technetwork/java/javase/downloads/index.html) and see if that works.

···

Am 22.08.2017 um 13:39 schrieb Peng Wu <5wupeng@gmail.com>:

java.security.NoSuchAlgorithmException: DiffieHellman KeyPairGenerator not available