Any idea what could cause the following error? We get it when we test the resource, yet the file can be sent using FileZilla.
[8098 - SFTP] Session.connect: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive). Full stack trace written to '1397290121775_error_1.log'
4/4/17 6:01:27 AM INFO Finished project 'NEW-PROJECT'
4/4/17 6:01:27 AM ERROR [8098 - SFTP] Session.connect: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
4/4/17 6:01:27 AM INFO End Date and Time: 4/4/17 6:01:27 AM
SFTP error
Post any question you may have in regards to GoAnywhere MFT and let our talented support staff and other users assist you.
If you need a quicker response, please create a support ticket via the customer portal my.goanywhere.com or contact our support team by email at [email protected].
- Support_Dan Offline
- Posts: 9
- Joined: Fri Dec 02, 2016 1:39 pm
Re: SFTP error
Can you send a screenshot of the SSH/SFTP resource properties? Wondering if you changed anything on the SSH Keys tab or Algorithms tab.
Re: SFTP error
The SSH keys tab is blank. Which properties tab did you need to see?
- Support_Dan Offline
- Posts: 9
- Joined: Fri Dec 02, 2016 1:39 pm
Re: SFTP error
GoAnywhere is dependent upon the ability of the Security Provider used to generate DH keypairs during the key exchange. Depending upon the key exchange algorithm used, the server MAY require a key size larger than the default Java Security Provider can support.
The solution is one of the following:
- Disable the key exchange algorithm that is negotiating a key size larger than the supported max (version 5.2.4 or higher required)
- Implement the BouncyCastle workaround (see below) to use the BC provider for DH key pair generation, which supports up to 8192 bit key sizes (version 5.2.4 or higher required)
- Enable FIPS mode, which supports up to 8192 bit key sizes (any version of GoAnywhere) - This version has the most potential negative impact because it implements the JSafeJCE provider in a way that affects all encryption

Diffie-Hellman Key Exchange Algorithms

| DH Key Exchange Algorithm | DH Key Size |
| --- | --- |
| diffie-hellman-group1-sha1 | 1024 |
| diffie-hellman-group14-sha1 | 2048 |
| diffie-hellman-group-exchange-sha1 | Negotiated between 1024 and 8192 |
| diffie-hellman-group-exchange-sha256 | Negotiated between 1024 and 8192 |

Security Provider Max DH Key Sizes

| Security Provider | Max DH Key Size |
| --- | --- |
| Default SunJCE (Oracle Java 1.7) | 1024 |
| Default SunJCE (Oracle Java 1.8) | 2048 |
| JSafeJCE (FIPS certified provider) | 8192 |
| BouncyCastle | 8192 |

BouncyCastle Workaround ***Version GAMFT 5.2.4 or higher Required***
Add the following line to the [INSTALL_DIR]/config/system.properties and restart (stop then start) GoAnywhere MFT.
com.linoma.sftp.client.kexProvider.BC=true
NOTE: Java may fix this issue in a future version and this will not be needed anymore. The workaround is using BouncyCastle instead of Sun JCE. BouncyCastle can create keys up to size 8192. This fixes the Client side since Server side was already using BC as the default.
NOTE: on Version 5.4.3 we got the following error
SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024)
expecting SSH_MSG_KEX_DH_GEX_GROUP
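
To see which row of the "Security Provider Max DH Key Sizes" table applies to a given JVM, the following added example (not part of the post and not GoAnywhere code) asks every installed JCA provider that offers DH to accept groups of 1024 to 8192 bits. The class name `DhKexSizeProbe`, the helper names, and the constructed modulus are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import javax.crypto.spec.DHParameterSpec;

public class DhKexSizeProbe {
    // Prime sizes the key exchange algorithms in the table above can require.
    static final int[] SIZES = {1024, 2048, 4096, 8192};

    // Constructed odd modulus of exactly `bits` bits. This is NOT a real DH
    // group: it only exercises the provider's size check and must never be
    // used for an actual key exchange.
    static DHParameterSpec constructedGroup(int bits) {
        BigInteger p = BigInteger.ONE.shiftLeft(bits - 1).add(BigInteger.ONE);
        return new DHParameterSpec(p, BigInteger.valueOf(2));
    }

    // Returns null if the provider accepts the size, else the rejection text.
    static String tryInit(Provider provider, int bits) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", provider);
            // initialize(spec) is the call that raises
            // InvalidAlgorithmParameterException ("Prime size must be ...").
            kpg.initialize(constructedGroup(bits));
            return null;
        } catch (Exception e) {
            // A provider that validates the group itself may reject the
            // constructed modulus for a reason other than size; the message
            // printed below shows which case occurred.
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("Java " + System.getProperty("java.version"));
        for (Provider provider : Security.getProviders()) {
            if (provider.getService("KeyPairGenerator", "DH") == null) {
                continue; // this provider has no DH key pair generator
            }
            for (int bits : SIZES) {
                String err = tryInit(provider, bits);
                System.out.printf("%-12s %5d  %s%n", provider.getName(), bits,
                        err == null ? "ok" : "REJECTED (" + err + ")");
            }
        }
    }
}
```

Run it with the same Java runtime that GoAnywhere MFT uses; a rejection at 2048 or above means the server's chosen key exchange can exceed what that provider will generate.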
Re: SFTP error
I believe we fixed it. We added the key exchange to the algorithm tab. Thank you for your help.