Re: Tomcat 9.0.58 and OpenJDK 1.8.0_322

2022-02-17 Thread Robert Hicks
We think our java.security file is borked somehow. So going down that road
at the moment.

--
Bob

On Thu, Feb 17, 2022 at 12:49 PM Thad Humphries 
wrote:

> What is your use for SHA-1? Are you using it in your own code, like
> `MessageDigest.getInstance("SHA-1")` or do you have signed JARs? Or maybe
> certificates that use SHA-1? (though I don't think those have been a thing
> for quite some time)
>
> java.security.MessageDigest for Java 8 is supposed to support MD5, SHA-1, and
> SHA-256 (see
> https://docs.oracle.com/javase/8/docs/api/java/security/MessageDigest.html
> ).
> I see references that SHA-1 has been disabled for signed JARs (ex.,
> https://bugs-stage.openjdk.java.net/browse/JDK-8270610 and more
> https://adoptium.net/release_notes.html). However I do not see that SHA-1
> has been dropped from MessageDigest.
>
> Asking for a friend...
>
> On Wed, Feb 16, 2022 at 4:03 PM Noelette Stout 
> wrote:
>
> > Based on those errors, it sounds like SHA-1 has been desupported in the
> > newer OpenJDK version.
> >
> > On Wed, Feb 16, 2022 at 1:55 PM Robert Hicks 
> > wrote:
> >
> > > We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292 and
> > > have no issues.
> > >
> > > We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG
> > > SecureRandom not available" and "SHA MessageDigest not available" and
> > > "SHA-1 not available" and others.
> > >
> > > We downgrade to .40 and _292 and all is well again.
> > >
> > > Was there a change that could possibly cause that?
> > >
> > > Has anyone else seen this behavior?
> > >
> > > We are currently troubleshooting to see if we missed something on our end
> > > and can supply logs when that happens.
> > >
> > > Thanks!
> > >
> > > --
> > > Bob
> > >
> >
> >
> > --
> > Noelette Stout
> > ITS Enterprise Applications - Senior Application Administrator
> > Idaho State University
> > E-mail: stounoel "at" isu "dot" edu
> > Desk: 208-282-2554
> >
>
>
> --
> "Hell hath no limits, nor is circumscrib'd In one self-place; but where we
> are is hell, And where hell is, there must we ever be" --Christopher
> Marlowe, *Doctor Faustus* (v. 111-13)
>
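
A way to check the java.security theory from the message above, as an added example that is not part of the original thread: a small Java 8 program that prints which JRE is in use, the providers it registered, the `security.provider.N` entries it read, and whether the three lookups from the error messages resolve. The class name `JcaCheck` and the upper bound of 20 provider slots are assumptions made for the example.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

// Added diagnostic, not from the thread. Run it with the same JRE Tomcat starts with.
public class JcaCheck {
    public static void main(String[] args) {
        // Identify the JRE, and therefore which lib/security/java.security was read.
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));

        // Providers that were actually registered at startup.
        Provider[] loaded = Security.getProviders();
        System.out.println("Registered providers: " + loaded.length);
        for (Provider p : loaded) {
            System.out.println("  " + p.getName());
        }

        // Provider list as configured in java.security (security.provider.1, .2, ...).
        // 20 slots is an assumed upper bound; missing numbers show up as gaps in the output.
        System.out.println("Configured entries:");
        for (int i = 1; i <= 20; i++) {
            String entry = Security.getProperty("security.provider." + i);
            if (entry != null) {
                System.out.println("  security.provider." + i + " = " + entry);
            }
        }

        // The lookups named in the reported errors.
        for (String alg : new String[] {"SHA", "SHA-1"}) {
            try {
                MessageDigest md = MessageDigest.getInstance(alg);
                System.out.println(alg + " MessageDigest -> " + md.getProvider().getName());
            } catch (NoSuchAlgorithmException e) {
                System.out.println(alg + " MessageDigest NOT available: " + e.getMessage());
            }
        }
        try {
            SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
            System.out.println("SHA1PRNG SecureRandom -> " + sr.getProvider().getName());
        } catch (NoSuchAlgorithmException e) {
            System.out.println("SHA1PRNG SecureRandom NOT available: " + e.getMessage());
        }
    }
}
```

Comparing the output between the working and the failing JRE shows whether the provider list itself differs, which points at the configuration file rather than at an algorithm being removed.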


Re: Tomcat 9.0.58 and OpenJDK 1.8.0_322

2022-02-17 Thread Thad Humphries
What is your use for SHA-1? Are you using it in your own code, like
`MessageDigest.getInstance("SHA-1")` or do you have signed JARs? Or maybe
certificates that use SHA-1? (though I don't think those have been a thing
for quite some time)

java.security.MessageDigest for Java 8 is supposed to support MD5, SHA-1, and
SHA-256 (see
https://docs.oracle.com/javase/8/docs/api/java/security/MessageDigest.html).
I see references that SHA-1 has been disabled for signed JARs (ex.,
https://bugs-stage.openjdk.java.net/browse/JDK-8270610 and more
https://adoptium.net/release_notes.html). However I do not see that SHA-1
has been dropped from MessageDigest.

Asking for a friend...

On Wed, Feb 16, 2022 at 4:03 PM Noelette Stout 
wrote:

> Based on those errors, it sounds like SHA-1 has been desupported in the
> newer OpenJDK version.
>
> On Wed, Feb 16, 2022 at 1:55 PM Robert Hicks 
> wrote:
>
> > We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292 and
> > have no issues.
> >
> > We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG
> > SecureRandom not available" and "SHA MessageDigest not available" and
> > "SHA-1 not available" and others.
> >
> > We downgrade to .40 and _292 and all is well again.
> >
> > Was there a change that could possibly cause that?
> >
> > Has anyone else seen this behavior?
> >
> > We are currently troubleshooting to see if we missed something on our end
> > and can supply logs when that happens.
> >
> > Thanks!
> >
> > --
> > Bob
> >
>
>
> --
> Noelette Stout
> ITS Enterprise Applications - Senior Application Administrator
> Idaho State University
> E-mail: stounoel "at" isu "dot" edu
> Desk: 208-282-2554
>


-- 
"Hell hath no limits, nor is circumscrib'd In one self-place; but where we
are is hell, And where hell is, there must we ever be" --Christopher
Marlowe, *Doctor Faustus* (v. 111-13)


Re: Tomcat 9.0.58 and OpenJDK 1.8.0_322

2022-02-16 Thread Noelette Stout
Based on those errors, it sounds like SHA-1 has been desupported in the
newer OpenJDK version.

On Wed, Feb 16, 2022 at 1:55 PM Robert Hicks  wrote:

> We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292 and
> have no issues.
>
> We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG
> SecureRandom not available" and "SHA MessageDigest not available" and
> "SHA-1 not available" and others.
>
> We downgrade to .40 and _292 and all is well again.
>
> Was there a change that could possibly cause that?
>
> Has anyone else seen this behavior?
>
> We are currently troubleshooting to see if we missed something on our end
> and can supply logs when that happens.
>
> Thanks!
>
> --
> Bob
>


-- 
Noelette Stout
ITS Enterprise Applications - Senior Application Administrator
Idaho State University
E-mail: stounoel "at" isu "dot" edu
Desk: 208-282-2554