Re: Tomcat 9.0.58 and OpenJDK 1.8.0_322
We think our java.security file is borked somehow. So going down that road at the moment. -- Bob On Thu, Feb 17, 2022 at 12:49 PM Thad Humphries wrote: > What is your use for SHA-1? Are you using it in your own code, like > `MessageDigest.getInstance("SHA-1")` or do you have signed JARs? Or maybe > certificates that use SHA-1? (though I don't think those have been a thing > for quite some time) > > java.security.MessageDigest for Java 8 supposed to support MD5, SHA-1, and > SHA-256 (see > https://docs.oracle.com/javase/8/docs/api/java/security/MessageDigest.html > ). > I see references that SHA-1 has been disable for signed JARs (ex., > https://bugs-stage.openjdk.java.net/browse/JDK-8270610 and more > https://adoptium.net/release_notes.html). However I do not see that SHA-1 > has been dropped from MessageDigest. > > Asking for a friend... > > On Wed, Feb 16, 2022 at 4:03 PM Noelette Stout > wrote: > > > Based on those errors, it sounds like SHA-1 has been desupported in the > > newer OpenJDK version. > > > > On Wed, Feb 16, 2022 at 1:55 PM Robert Hicks > > wrote: > > > > > We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292 > > and > > > have no issues. > > > > > > We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG > > > SecureRandom not available" and "SHA MessageDigest not available" and > > > "SHA-1 not available" and others. > > > > > > We downgrade to .40 and _292 and all is well again. > > > > > > Was there a change that could possibly cause that? > > > > > > Has anyone else seen this behavior? > > > > > > We are currently troubleshooting to see if we missed something on our > end > > > and can supply logs when that happens. > > > > > > Thanks! > > > > > > -- > > > Bob > > > > > > > > > -- > > Noelette Stout > > ITS Enterprise Applications - Senior Application Administrator > > Idaho State University > > E-mail: stounoel "at" isu "dot" edu > > Desk: 208-282-2554 > > > > > -- > "Hell hath no limits, nor is circumscrib'd In one self-place; but where we > are is hell, And where hell is, there must we ever be" --Christopher > Marlowe, *Doctor Faustus* (v. 111-13) >
Re: Tomcat 9.0.58 and OpenJDK 1.8.0_322
What is your use for SHA-1? Are you using it in your own code, like `MessageDigest.getInstance("SHA-1")` or do you have signed JARs? Or maybe certificates that use SHA-1? (though I don't think those have been a thing for quite some time) java.security.MessageDigest for Java 8 supposed to support MD5, SHA-1, and SHA-256 (see https://docs.oracle.com/javase/8/docs/api/java/security/MessageDigest.html). I see references that SHA-1 has been disable for signed JARs (ex., https://bugs-stage.openjdk.java.net/browse/JDK-8270610 and more https://adoptium.net/release_notes.html). However I do not see that SHA-1 has been dropped from MessageDigest. Asking for a friend... On Wed, Feb 16, 2022 at 4:03 PM Noelette Stout wrote: > Based on those errors, it sounds like SHA-1 has been desupported in the > newer OpenJDK version. > > On Wed, Feb 16, 2022 at 1:55 PM Robert Hicks > wrote: > > > We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292 > and > > have no issues. > > > > We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG > > SecureRandom not available" and "SHA MessageDigest not available" and > > "SHA-1 not available" and others. > > > > We downgrade to .40 and _292 and all is well again. > > > > Was there a change that could possibly cause that? > > > > Has anyone else seen this behavior? > > > > We are currently troubleshooting to see if we missed something on our end > > and can supply logs when that happens. > > > > Thanks! > > > > -- > > Bob > > > > > -- > Noelette Stout > ITS Enterprise Applications - Senior Application Administrator > Idaho State University > E-mail: stounoel "at" isu "dot" edu > Desk: 208-282-2554 > -- "Hell hath no limits, nor is circumscrib'd In one self-place; but where we are is hell, And where hell is, there must we ever be" --Christopher Marlowe, *Doctor Faustus* (v. 111-13)
Re: Tomcat 9.0.58 and OpenJDK 1.8.0_322
Based on those errors, it sounds like SHA-1 has been desupported in the newer OpenJDK version. On Wed, Feb 16, 2022 at 1:55 PM Robert Hicks wrote: > We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292 and > have no issues. > > We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG > SecureRandom not available" and "SHA MessageDigest not available" and > "SHA-1 not available" and others. > > We downgrade to .40 and _292 and all is well again. > > Was there a change that could possibly cause that? > > Has anyone else seen this behavior? > > We are currently troubleshooting to see if we missed something on our end > and can supply logs when that happens. > > Thanks! > > -- > Bob > -- Noelette Stout ITS Enterprise Applications - Senior Application Administrator Idaho State University E-mail: stounoel "at" isu "dot" edu Desk: 208-282-2554
Tomcat 9.0.58 and OpenJDK 1.8.0_322
We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292 and have no issues. We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG SecureRandom not available" and "SHA MessageDigest not available" and "SHA-1 not available" and others. We downgrade to .40 and _292 and all is well again. Was there a change that could possibly cause that? Has anyone else seen this behavior? We are currently troubleshooting to see if we missed something on our end and can supply logs when that happens. Thanks! -- Bob