You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Robert Hicks <ro...@gmail.com> on 2022/02/16 20:55:04 UTC
Tomcat 9.0.58 and OpenJDK 1.8.0_322
We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292 and
have no issues.
We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG
SecureRandom not available" and "SHA MessageDigest not available" and
"SHA-1 not available" and others.
We downgrade to .40 and _292 and all is well again.
Was there a change that could possibly cause that?
Has anyone else seen this behavior?
We are currently troubleshooting to see if we missed something on our end
and can supply logs when that happens.
Thanks!
--
Bob
Re: Tomcat 9.0.58 and OpenJDK 1.8.0_322
Posted by Robert Hicks <ro...@gmail.com>.
We think our java.security file is borked somehow. So going down that road
at the moment.
--
Bob
On Thu, Feb 17, 2022 at 12:49 PM Thad Humphries <th...@gmail.com>
wrote:
> What is your use for SHA-1? Are you using it in your own code, like
> `MessageDigest.getInstance("SHA-1")` or do you have signed JARs? Or maybe
> certificates that use SHA-1? (though I don't think those have been a thing
> for quite some time)
>
> java.security.MessageDigest for Java 8 supposed to support MD5, SHA-1, and
> SHA-256 (see
> https://docs.oracle.com/javase/8/docs/api/java/security/MessageDigest.html
> ).
> I see references that SHA-1 has been disable for signed JARs (ex.,
> https://bugs-stage.openjdk.java.net/browse/JDK-8270610 and more
> https://adoptium.net/release_notes.html). However I do not see that SHA-1
> has been dropped from MessageDigest.
>
> Asking for a friend...
>
> On Wed, Feb 16, 2022 at 4:03 PM Noelette Stout <no...@isu.edu>
> wrote:
>
> > Based on those errors, it sounds like SHA-1 has been desupported in the
> > newer OpenJDK version.
> >
> > On Wed, Feb 16, 2022 at 1:55 PM Robert Hicks <ro...@gmail.com>
> > wrote:
> >
> > > We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292
> > and
> > > have no issues.
> > >
> > > We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG
> > > SecureRandom not available" and "SHA MessageDigest not available" and
> > > "SHA-1 not available" and others.
> > >
> > > We downgrade to .40 and _292 and all is well again.
> > >
> > > Was there a change that could possibly cause that?
> > >
> > > Has anyone else seen this behavior?
> > >
> > > We are currently troubleshooting to see if we missed something on our
> end
> > > and can supply logs when that happens.
> > >
> > > Thanks!
> > >
> > > --
> > > Bob
> > >
> >
> >
> > --
> > Noelette Stout
> > ITS Enterprise Applications - Senior Application Administrator
> > Idaho State University
> > E-mail: stounoel "at" isu "dot" edu
> > Desk: 208-282-2554
> >
>
>
> --
> "Hell hath no limits, nor is circumscrib'd In one self-place; but where we
> are is hell, And where hell is, there must we ever be" --Christopher
> Marlowe, *Doctor Faustus* (v. 111-13)
>
Re: Tomcat 9.0.58 and OpenJDK 1.8.0_322
Posted by Thad Humphries <th...@gmail.com>.
What is your use for SHA-1? Are you using it in your own code, like
`MessageDigest.getInstance("SHA-1")` or do you have signed JARs? Or maybe
certificates that use SHA-1? (though I don't think those have been a thing
for quite some time)
java.security.MessageDigest for Java 8 supposed to support MD5, SHA-1, and
SHA-256 (see
https://docs.oracle.com/javase/8/docs/api/java/security/MessageDigest.html).
I see references that SHA-1 has been disable for signed JARs (ex.,
https://bugs-stage.openjdk.java.net/browse/JDK-8270610 and more
https://adoptium.net/release_notes.html). However I do not see that SHA-1
has been dropped from MessageDigest.
Asking for a friend...
On Wed, Feb 16, 2022 at 4:03 PM Noelette Stout <no...@isu.edu>
wrote:
> Based on those errors, it sounds like SHA-1 has been desupported in the
> newer OpenJDK version.
>
> On Wed, Feb 16, 2022 at 1:55 PM Robert Hicks <ro...@gmail.com>
> wrote:
>
> > We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292
> and
> > have no issues.
> >
> > We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG
> > SecureRandom not available" and "SHA MessageDigest not available" and
> > "SHA-1 not available" and others.
> >
> > We downgrade to .40 and _292 and all is well again.
> >
> > Was there a change that could possibly cause that?
> >
> > Has anyone else seen this behavior?
> >
> > We are currently troubleshooting to see if we missed something on our end
> > and can supply logs when that happens.
> >
> > Thanks!
> >
> > --
> > Bob
> >
>
>
> --
> Noelette Stout
> ITS Enterprise Applications - Senior Application Administrator
> Idaho State University
> E-mail: stounoel "at" isu "dot" edu
> Desk: 208-282-2554
>
--
"Hell hath no limits, nor is circumscrib'd In one self-place; but where we
are is hell, And where hell is, there must we ever be" --Christopher
Marlowe, *Doctor Faustus* (v. 111-13)
Re: Tomcat 9.0.58 and OpenJDK 1.8.0_322
Posted by Noelette Stout <no...@isu.edu>.
Based on those errors, it sounds like SHA-1 has been desupported in the
newer OpenJDK version.
On Wed, Feb 16, 2022 at 1:55 PM Robert Hicks <ro...@gmail.com> wrote:
> We are currently running Tomcat 9.0.40 and OpenJDK (Red Hat) 1.8.0_292 and
> have no issues.
>
> We upgrade to the ones in the subject line and Tomcat throws "SHA1PRNG
> SecureRandom not available" and "SHA MessageDigest not available" and
> "SHA-1 not available" and others.
>
> We downgrade to .40 and _292 and all is well again.
>
> Was there a change that could possibly cause that?
>
> Has anyone else seen this behavior?
>
> We are currently troubleshooting to see if we missed something on our end
> and can supply logs when that happens.
>
> Thanks!
>
> --
> Bob
>
--
Noelette Stout
ITS Enterprise Applications - Senior Application Administrator
Idaho State University
E-mail: stounoel "at" isu "dot" edu
Desk: 208-282-2554