Re: Tomcat 9.0.58 and OpenJDK 1.8.0_322
We think our java.security file is borked somehow. So going down that road at the moment.

--
Bob

On Thu, Feb 17, 2022 at 12:49 PM Thad Humphries wrote:

> What is your use for SHA-1? Are you using it in your own code, like
> `MessageDigest.getInstance("SHA-1")` or do you have signed JARs? Or maybe
> certificates that use SHA-1? (though I don't think those have been a thing
> for quite some time)
>
> java.security.MessageDigest for Java 8 is supposed to support MD5, SHA-1, and
> SHA-256 (see
> https://docs.oracle.com/javase/8/docs/api/java/security/MessageDigest.html).
> I see references that SHA-1 has been disabled for signed JARs (ex.,
> https://bugs-stage.openjdk.java.net/browse/JDK-8270610 and more
> https://adoptium.net/release_notes.html). However I do not see that SHA-1
> has been dropped from MessageDigest.
>
> Asking for a friend...
>
> On Wed, Feb 16, 2022 at 4:03 PM Noelette Stout wrote:
>
> > Based on those errors, it sounds like SHA-1 has been desupported in the
> > newer OpenJDK version.
> >
> > On Wed, Feb 16, 2022 at 1:55 PM Robert Hicks wrote:
> >
> > > We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292 and
> > > have no issues.
> > >
> > > We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG
> > > SecureRandom not available" and "SHA MessageDigest not available" and
> > > "SHA-1 not available" and others.
> > >
> > > We downgrade to .40 and _292 and all is well again.
> > >
> > > Was there a change that could possibly cause that?
> > >
> > > Has anyone else seen this behavior?
> > >
> > > We are currently troubleshooting to see if we missed something on our end
> > > and can supply logs when that happens.
> > >
> > > Thanks!
> > >
> > > --
> > > Bob
> >
> > --
> > Noelette Stout
> > ITS Enterprise Applications - Senior Application Administrator
> > Idaho State University
> > E-mail: stounoel "at" isu "dot" edu
> > Desk: 208-282-2554
>
> --
> "Hell hath no limits, nor is circumscrib'd In one self-place; but where we
> are is hell, And where hell is, there must we ever be" --Christopher
> Marlowe, *Doctor Faustus* (v. 111-13)
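
A small check for the situation described in the message above, as an added example that is not part of the original thread: it prints the provider list the JRE read from `java.security`, the providers that were actually registered, and which provider (if any) supplies the three algorithms named in the Tomcat errors. The class name `JcaCheck` is made up for this example, and the printed file path assumes the Java 8 directory layout.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

// Added diagnostic, not code from the thread. Run it with the JRE that starts Tomcat.
public class JcaCheck {
    // Name of the provider that supplies a MessageDigest, or null if none does.
    static String digestProvider(String alg) {
        try {
            return MessageDigest.getInstance(alg).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    // Same lookup for a SecureRandom algorithm.
    static String randomProvider(String alg) {
        try {
            return SecureRandom.getInstance(alg).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        String home = System.getProperty("java.home");
        System.out.println("java.version  = " + System.getProperty("java.version"));
        // Assumption: Java 8 layout, where java.home is the JRE directory.
        System.out.println("security file = " + home + "/lib/security/java.security");
        System.out.println("override file = " + System.getProperty("java.security.properties"));

        // The static provider list as the JRE read it from java.security.
        for (int n = 1; n <= 12; n++) {
            String entry = Security.getProperty("security.provider." + n);
            System.out.println("security.provider." + n + " = " + (entry == null ? "<not set>" : entry));
        }

        // The providers that were actually registered from that list.
        for (Provider p : Security.getProviders()) {
            System.out.println("registered: " + p.getName() + " (" + p.getInfo() + ")");
        }

        // The three algorithms named in the reported Tomcat errors.
        System.out.println("MessageDigest SHA     -> " + digestProvider("SHA"));
        System.out.println("MessageDigest SHA-1   -> " + digestProvider("SHA-1"));
        System.out.println("SecureRandom SHA1PRNG -> " + randomProvider("SHA1PRNG"));
    }
}
```

On a stock OpenJDK 8 all three lookups resolve to the `SUN` provider, so a `null` result together with a missing or unset `security.provider.N` entry points at the provider list in `java.security`.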
Re: Tomcat 9.0.58 and OpenJDK 1.8.0_322
What is your use for SHA-1? Are you using it in your own code, like `MessageDigest.getInstance("SHA-1")` or do you have signed JARs? Or maybe certificates that use SHA-1? (though I don't think those have been a thing for quite some time)

java.security.MessageDigest for Java 8 is supposed to support MD5, SHA-1, and SHA-256 (see https://docs.oracle.com/javase/8/docs/api/java/security/MessageDigest.html). I see references that SHA-1 has been disabled for signed JARs (ex., https://bugs-stage.openjdk.java.net/browse/JDK-8270610 and more https://adoptium.net/release_notes.html). However I do not see that SHA-1 has been dropped from MessageDigest.

Asking for a friend...

On Wed, Feb 16, 2022 at 4:03 PM Noelette Stout wrote:

> Based on those errors, it sounds like SHA-1 has been desupported in the
> newer OpenJDK version.
>
> On Wed, Feb 16, 2022 at 1:55 PM Robert Hicks wrote:
>
> > We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292 and
> > have no issues.
> >
> > We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG
> > SecureRandom not available" and "SHA MessageDigest not available" and
> > "SHA-1 not available" and others.
> >
> > We downgrade to .40 and _292 and all is well again.
> >
> > Was there a change that could possibly cause that?
> >
> > Has anyone else seen this behavior?
> >
> > We are currently troubleshooting to see if we missed something on our end
> > and can supply logs when that happens.
> >
> > Thanks!
> >
> > --
> > Bob
>
> --
> Noelette Stout
> ITS Enterprise Applications - Senior Application Administrator
> Idaho State University
> E-mail: stounoel "at" isu "dot" edu
> Desk: 208-282-2554

--
"Hell hath no limits, nor is circumscrib'd In one self-place; but where we are is hell, And where hell is, there must we ever be" --Christopher Marlowe, *Doctor Faustus* (v. 111-13)
Re: Tomcat 9.0.58 and OpenJDK 1.8.0_322
Based on those errors, it sounds like SHA-1 has been desupported in the newer OpenJDK version.

On Wed, Feb 16, 2022 at 1:55 PM Robert Hicks wrote:

> We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292 and
> have no issues.
>
> We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG
> SecureRandom not available" and "SHA MessageDigest not available" and
> "SHA-1 not available" and others.
>
> We downgrade to .40 and _292 and all is well again.
>
> Was there a change that could possibly cause that?
>
> Has anyone else seen this behavior?
>
> We are currently troubleshooting to see if we missed something on our end
> and can supply logs when that happens.
>
> Thanks!
>
> --
> Bob

--
Noelette Stout
ITS Enterprise Applications - Senior Application Administrator
Idaho State University
E-mail: stounoel "at" isu "dot" edu
Desk: 208-282-2554