How do I fix the error “Unsupported curveId: 29”?

When making an SSL (or TLS) connection from Diplomat MFT Client to a remote server, whether it is using FTPS or HTTPS, Diplomat MFT might encounter an error with the SSL handshake process, causing the connection to fail.

The Diplomat log will show a message stating “javax.net.ssl.SSLHandshakeException – Unsupported curveId: 29”.

This is because the remote server has chosen a specific curve for an Elliptic Curve ciphersuite which the Diplomat MFT does not support.

In order to fix this, you can disable all Elliptic Curve cryptography from the Java Runtime Environment (JRE) which is running Diplomat MFT.

To do so, edit the file “java.security” found in the JRE folder, here:
Diplomat 8.1.1 and higher: “C:\ProgramData\Coviant Software\Diplomat-j\jre\jre\lib\security\”
Diplomat 8.1 and prior: “C:\ProgramData\Coviant Software\Diplomat-j\jre\lib\security\”

(Note, if you are running a Trial version of Diplomat MFT, replace the
folder “Diplomat-j” with “Diplomat-trial”).

Look for the text “jdk.tls.disabledAlgorithms”. For this value, we are going to add the text “, EC” at the end (which adds all Elliptic Curves to the list of disabled algorithms. This entry should cover two lines (the first line ends with the “\” character, which means “continued on the next line”), so the edited lines end up looking like this:

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL, EC

Now you can restart the service and run the transaction again.

Updated on March 22, 2022

Was this article helpful?

Yes No

Was this article helpful?

Related Articles