-
|
I'm not sure where to ask this question, so I'll start here. I have used Adoptium/Bellsoft/AZUL OpenJDK 8u362_b09 to run a large java program on several UNIX OS Systems, i.e., AIX, HP, RHEL, Oracle Linux, SuSE, Solaris. The program works fine on all the systems except Solaris 11 Sparc. Solaris 10 Sparc and Solaris 11 X86 have no issues. The program runs fine using Oracle JDK 8u361_b09 on Solaris 11 Sparc. When I run the program on Solaris 11 Sparc using OpenJDK 8u362_b09, I get the following warning messages in the /var/adm/messages file java[8132]: [ID 275133 user.warning] use of deprecated crypto cipher sha1 by jre/bin/java Since the warning messages only occur on Solaris 11 Sparc using OpenJDK 8u362_b09 and not Oracle JDK 8u361_b09, I'm not sure what the issue is. It appears to be an OpenJDK issue. Has anyone seen this before and can anyone tell me where to find a solution? Thanks for any help |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
NOTE: This is a GPT-4 response which I edited lightly. To resolve warning messages in a Solaris operating system related to the use of deprecated ciphers by Java, you'll need to update the Java configuration to utilize more secure and up-to-date ciphers. Here's a step-by-step guide on how to achieve this: Locate the java.security file: The java.security file is located in the Backup the java.security file: Edit the java.security file: Open the For example, you might see something like this: Remove the deprecated cipher (in this case, SHA1) from the list of disabled algorithms: Save and close the file. Update your application's cipher suite: If your Java application explicitly specifies a cipher suite that includes the deprecated cipher (SHA1), update the cipher suite to use more secure algorithms. Check your application's documentation or source code to locate and update the cipher suite. Restart your Java application: After making these changes, restart your Java application to apply the new settings. Please note that using deprecated ciphers like SHA1 is not recommended due to their known security vulnerabilities. It's advisable to update your application to use stronger ciphers and algorithms to ensure better security. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for your reply. I have tried the below including copying all the configuration files from the Oracle JDK (/usr/jkd/jdk1.8.0_361) with no changes. I will try again with some other modifications.
My question was more ‘Why does this warning message only happen when running Adoptium OpenJDK 8u362 on Solaris 11 Sparc’. The warning message does not happen when running Solaris Oracle JDK 8u361 on Solaris 11 Sparc. The warning message also does not happen on any other Operating System including Solaris 11 X86 and Solaris 10 Sparc/X86. This is happening on several Solaris 11 Sparc servers not just 1 or 2.
Ella Furlong
Hosting and Compute Center
Cyber Services Line of Business, HC3714
Defense Information Systems Agency (DISA)
☎ CML: (334) 819-3133 DSN: 322-819-3133
From: Martijn Verburg ***@***.***>
Sent: Thursday, March 16, 2023 7:45 PM
To: adoptium/adoptium-support ***@***.***>
Cc: Furlong, Ella L CIV DISA HACC (USA) ***@***.***>; Author ***@***.***>
Subject: Re: [adoptium/adoptium-support] OpenJDK versus Oracle JDK and Deprecated Crypto Ciphers (Discussion #736)
You don't often get email from ***@***.*** Learn why this is important<https://aka.ms/LearnAboutSenderIdentification>
NOTE: This is a GPT-4 response which I edited lightly.
To resolve warning messages in a Solaris operating system related to the use of deprecated ciphers by Java, you'll need to update the Java configuration to utilize more secure and up-to-date ciphers. Here's a step-by-step guide on how to achieve this:
Locate the java.security file:
The java.security file is located in the $JAVA_HOME/conf/security directory for Java 9 and later, and in $JAVA_HOME/lib/security for Java 8 and earlier versions. Replace $JAVA_HOME with the path to your Java installation.
Backup the java.security file:
Before making any changes, create a backup of the java.security file. In the terminal, navigate to the security folder and run:
cp java.security java.security.backup
Edit the java.security file:
Open the java.security file using a text editor like vi, vim, or nano. Look for the line that defines the jdk.tls.disabledAlgorithms property. This line lists the disabled ciphers and algorithms in Java.
For example, you might see something like this:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, MD5, SHA1, DES
Remove the deprecated cipher (in this case, SHA1) from the list of disabled algorithms:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, MD5, DES
Save and close the file.
Update your application's cipher suite:
If your Java application explicitly specifies a cipher suite that includes the deprecated cipher (SHA1), update the cipher suite to use more secure algorithms. Check your application's documentation or source code to locate and update the cipher suite.
Restart your Java application:
After making these changes, restart your Java application to apply the new settings.
Please note that using deprecated ciphers like SHA1 is not recommended due to their known security vulnerabilities. It's advisable to update your application to use stronger ciphers and algorithms to ensure better security.
—
Reply to this email directly, view it on GitHub<https://usg01.safelinks.protection.office365.us/?url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fadoptium-support%2Fdiscussions%2F736%23discussioncomment-5340122&data=05%7C01%7Cella.l.furlong2.civ%40mail.mil%7C8d8dd83eb7e542b5449308db2680f498%7C102d0191eeae4761b1cb1a83e86ef445%7C0%7C0%7C638146107558741053%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=2rOx1ykOwftGj8QMbEpB3oTgjZOJEEMmvAYUCXW6xp8%3D&reserved=0>, or unsubscribe<https://usg01.safelinks.protection.office365.us/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FA54SJCI6HP6X7EV3CW5QBJTW4OXZFANCNFSM6AAAAAAV5IXKNE&data=05%7C01%7Cella.l.furlong2.civ%40mail.mil%7C8d8dd83eb7e542b5449308db2680f498%7C102d0191eeae4761b1cb1a83e86ef445%7C0%7C0%7C638146107558741053%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=AzzAXIOcFmsccQbR09Hv8HrJecS9JjxIOBFi7OeBzYM%3D&reserved=0>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
|
I'm not 100% sure although I suspect that the way you have Solaris Sparc configured is that it natively checks for these. It could be related to #738 & https://bugs.openjdk.org/browse/JDK-8278851 See the bolded bit in the comment: Please approve backporting this fix to 8u. This patch fixes an issue where jars which are double-signed while one of the signatories using a deprecated digest algorithm for the entire jar to be treated as unsigned, even though a valid signature with a non-deprecated digest algorithm exists on the jar. It fixes a regression newly introduced in 8u362. The patch was not clean, but the changes were only in test code (different test infra). The patch got reviewed by Martin Balao. Risk should be moderate. jarsigner and new regression tests pass. |
Beta Was this translation helpful? Give feedback.
NOTE: This is a GPT-4 response which I edited lightly.
To resolve warning messages in a Solaris operating system related to the use of deprecated ciphers by Java, you'll need to update the Java configuration to utilize more secure and up-to-date ciphers. Here's a step-by-step guide on how to achieve this:
Locate the java.security file:
The java.security file is located in the
$JAVA_HOME/conf/securitydirectory for Java 9 and later, and in$JAVA_HOME/lib/securityfor Java 8 and earlier versions. Replace$JAVA_HOMEwith the path to your Java installation.Backup the java.security file:
Before making any changes, create a backup of the java.security file. In the terminal, navigate to the sec…