阿里云centos6.5下使用新版openjdk7(OpenJDK 64-Bit Server VM (build 24.85-b03, mixed mode)) 会碰到一个比较无奈的问题, trust all https get请求在本地oracle jdk 或低些版本的openjdk都没问题,  放到阿里云就可能会报一下错, 本人案例是在微信OAUTH交换采访令牌环时报错.

Caused by: java.security.ProviderException: java.security.KeyException
        at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:146)
        at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:704)
        at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:78)
        at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:714)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:278)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1035)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)

不是这个原因

http://bbs.aliyun.com/read/255711.html?fpage=3

类似的案例

http://jenkins-ci.361315.n4.nabble.com/Using-Java-1-7-and-SSL-self-signed-certs-td4755143.html

https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/989240

ldd /usr/lib/jvm/lib/amd64/libsunec.so 依赖的是libnss, 先升级到最新好像就可以了. 

也看了下${jre_home}/lib/security/java.security, 好像可以开启10

# the NSS security provider was not enabled for this build; it can be enabled
# if NSS (libnss3) is available on the machine. The nss.cfg file may need
# editing to reflect the location of the NSS installation.
#security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg

oracle jdk应该测试稳定多些, 他可能尽量使用了静态库, 毕竟oracle jdk安装之后是比较大, 而openjdk似乎蛮多是动态库,  但是wget很难下载到oracle jdk, 将就用着吧