OpenShift上的OpenJDK:“NoSuchAlgorithmException:EC AlgorithmParameters not available” [英] OpenJDK on OpenShift: "NoSuchAlgorithmException: EC AlgorithmParameters not available"
问题描述
我遇到了 java.security.NoSuchAlgorithmException:EC AlgorithmParameters不可用
在OpenShift上使用Wildfly 8.2(OpenJDK 1.8.0_31)(<$抛出异常) C $ C> AmazonHttpClient )。
I'm running into java.security.NoSuchAlgorithmException: EC AlgorithmParameters not available
with Wildfly 8.2 (OpenJDK 1.8.0_31) on OpenShift (the exception is thrown by AmazonHttpClient
).
看起来OpenJDK 1.8和ECC存在错误:
https://bugzilla.redhat.com/show_bug.cgi?id=1167153
It looks like there is a bug with OpenJDK 1.8 and ECC: https://bugzilla.redhat.com/show_bug.cgi?id=1167153
On of建议的解决方法需要编辑 jre / lib / security / java.security
以禁用 jdk.tls.disabledAlgorithms = EC,ECDHE,ECDH
。
或删除 jre / lib / ext / sunec.jar
On of the suggested workarounds requires editing jre/lib/security/java.security
to disable jdk.tls.disabledAlgorithms=EC,ECDHE,ECDH
.
Or removing jre/lib/ext/sunec.jar
不幸的是我无法在OpenShift上执行此操作(缺少权限)。
Unfortunately I'm not able to do this on OpenShift (missing permissions).
这里最好的解决方法是什么?我可以选择切换到没有这个问题的Oracle JDK(在OpenShift上)吗?
What would be the best workaround here? Can I alternatively switch to Oracle JDK (on OpenShift) which does not have this problem?
UPDATE :
我删除了Sun java.security.Provider-s和改为添加BouncyCastle:
I removed Sun java.security.Provider-s and added BouncyCastle instead:
static {
Security.removeProvider("SunEC");
Security.removeProvider("SUN");
Security.removeProvider("SunJSSE");
// ...
Security.addProvider(new BouncyCastleProvider());
}
不幸的是,BouncyCastle 不是 JSSE提供商(< a href =https://stackoverflow.com/questions/23906736>使用Bouncy Castle提供程序创建SSLContext实例)和
SSLContext.getInstance()
失败,
NoSuchAlgorithmException:TLS SSLContext不可用
。
Unfortunately BouncyCastle is not a JSSE provider (create an SSLContext instance using a Bouncy Castle provider) and
SSLContext.getInstance()
fails with
NoSuchAlgorithmException: TLS SSLContext not available
.
我也试过@Rudy De Busscher提出了答案,虽然我不赞成手动设置
env变量,因为它后来很容易被遗忘。
相反,我将 JAVA_OPTS_EXT
设置添加到 $ OPENSHIFT_DATA_DIR / .my_custom_env
并加载它使用来源$ {OPENSHIFT_DATA_DIR} .my_custom_env
在
.openshift / action_hooks / pre_start
挂钩。
它没有用,但由于我仍然需要使用BouncyCastle for JSSE,我已经放弃了这个解决方案。
I also tried @Rudy De Busscher suggested answer, although I'm not in favor of manual setting
the env variable since it's something that can later easily be forgotten.
Instead, I added the JAVA_OPTS_EXT
setting to $OPENSHIFT_DATA_DIR/.my_custom_env
and loaded it with source ${OPENSHIFT_DATA_DIR}.my_custom_env
in
the .openshift/action_hooks/pre_start
hook.
It didn't worked but since I would still need to use BouncyCastle for JSSE, I have given up this solution.
Fortunatelly我能够切换回来到OpenJDK 1.7(通过 .openshift / markers / java7
)
现在解决了这个问题。
Fortunatelly I was able to switch back to OpenJDK 1.7 (via .openshift/markers/java7
)
which "solved" the problem for now.
推荐答案
找到解决方案。
您可以定义属性文件以覆盖默认JRE文件中定义的某些键 jre / lib / security / java.security
You can define a properties file to override some of the keys defined in the default JRE file jre/lib/security/java.security
此文件可以在OpenShift的JAVA_OPTS_EXT环境属性中指定Gear。
This file can be specified in the JAVA_OPTS_EXT environment property of the OpenShift Gear.
以下是解决此问题的步骤。
These are the steps that we took to fix the issue.
创建文件
- rhc ssc
gearName
- cd $ OPENSHIFT_DATA_DIR
- vi
override_security.properties
- 内容
jdk.tls.disabledAlgorithms = EC,ECDHE,ECDH
- pwd - >并记下来(co py)刚刚创建的文件的完整路径位置。
- 退出
- rhc ssc
gearName
- cd $OPENSHIFT_DATA_DIR
- vi
override_security.properties
- content is
jdk.tls.disabledAlgorithms=EC,ECDHE,ECDH
- pwd -> and note down (copy) the full path location of the just created file.
- exit
设置环境变量
- rhc env set JAVA_OPTS_EXT = -Djava.security.properties = file:
fileLocation
-agearName
- rhc env set JAVA_OPTS_EXT=-Djava.security.properties=file:
fileLocation
-agearName
重新启动你的装备/应用程序
- rhc app restart -a
gearName
- rhc app restart -a
gearName
这对我们起了作用。
这篇关于OpenShift上的OpenJDK:“NoSuchAlgorithmException:EC AlgorithmParameters not available”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!