[ https://issues.apache.org/jira/browse/SLIDER-1111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15246348#comment-15246348 ]
Jonathan Maron commented on SLIDER-1111: ---------------------------------------- Newer JDKs are unhappy with MD5 as a certificate signing algorithm: https://blogs.oracle.com/java-platform-group/entry/strengthening_signatures_part_2 There are a number of options listed in that link, but I suppose this means we should explore leveraging a more secure algorithm. > Accumulo SSL ITs can fail with newer JDKs > ------------------------------------------ > > Key: SLIDER-1111 > URL: https://issues.apache.org/jira/browse/SLIDER-1111 > Project: Slider > Issue Type: Bug > Components: app-package, security > Reporter: Billie Rinaldi > Assignee: Billie Rinaldi > Fix For: Slider 1.0.0 > > > I've encountered multiple SSL errors when running the Accumulo funtests with > jdk 1.8.0_77-b03: "javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateException: Certificates does not conform to > algorithm constraints" and "javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path validation failed: > java.security.cert.CertPathValidatorException: Algorithm constraints check > failed: MD5withRSA". > The first error appears to be related to AccumuloSSLTestBase using > X509ExtendedTrustManager instead of X509TrustManager: > http://stackoverflow.com/questions/14149545/java-security-cert-certificateexception-certificates-does-not-conform-to-algori > The second seems to be due to SecurityUtils specifying a default hash of md5 > when signing certs: > https://github.com/apache/incubator-slider/blob/develop/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java#L61 -- This message was sent by Atlassian JIRA (v6.3.4#6332)