[
https://issues.apache.org/jira/browse/SLIDER-1111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15246348#comment-15246348
]
Jonathan Maron commented on SLIDER-1111:
----------------------------------------
Newer JDKs are unhappy with MD5 as a certificate signing algorithm:
https://blogs.oracle.com/java-platform-group/entry/strengthening_signatures_part_2
There are a number of options listed in that link, but I suppose this means we
should explore leveraging a more secure algorithm.
> Accumulo SSL ITs can fail with newer JDKs
> ------------------------------------------
>
> Key: SLIDER-1111
> URL: https://issues.apache.org/jira/browse/SLIDER-1111
> Project: Slider
> Issue Type: Bug
> Components: app-package, security
> Reporter: Billie Rinaldi
> Assignee: Billie Rinaldi
> Fix For: Slider 1.0.0
>
>
> I've encountered multiple SSL errors when running the Accumulo funtests with
> jdk 1.8.0_77-b03: "javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: Certificates does not conform to
> algorithm constraints" and "javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path validation failed:
> java.security.cert.CertPathValidatorException: Algorithm constraints check
> failed: MD5withRSA".
> The first error appears to be related to AccumuloSSLTestBase using
> X509ExtendedTrustManager instead of X509TrustManager:
> http://stackoverflow.com/questions/14149545/java-security-cert-certificateexception-certificates-does-not-conform-to-algori
> The second seems to be due to SecurityUtils specifying a default hash of md5
> when signing certs:
> https://github.com/apache/incubator-slider/blob/develop/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java#L61
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
