It turns out that  applets are failing because the security update in
S8155973 restricted MD5-based signatures in JAR files. It was
eventually backed out by S8166381 but that one didn't make to the

One easy way to fix is to edit
/etc/java-7-openjdk/security/ and remove MD5 from the
list of "jdk.jar.disabledAlgorithms". By default this is a new setting
and should be the last line, just make sure it looks like:

jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024

For future reference, once can see when an applet is being affect by
looking for the following log line:
Codebase matches codebase manifest attribute, but application is
unsigned. Continuing.
The browser must be run with icedtea plugin debug enabled as in

Also, please be aware that Oracle is planning to reintroduce the MD5
signature restriction back in January, see section "Restrict JARs
signed with weak algorithms and keys" in


Reply via email to