This post is more than 5 years old
33 Posts
0
18185
Java update broke Jviewer on M610 IDRAC6
After upgrading Java to 1.8.0_131, the Jviewer doesn't work anymore with the M610 blades. All you get is this error:
The only workaround so far was to do downgrade Java to 1.8.0_121.
tlindgren
2 Posts
2
June 6th, 2017 10:00
The JAR file in question is signed with a MD5-based signature which was disabled in 1.8.0_131, this is what leads Java to reject the JAR file.
Until Dell do that a workaround is to edit C:\Program Files (x86)\Java\jre1.8.0_131\lib\security\java.security and remove the "MD5" from the jdk.jar.disabledAlgorithms line. I've confirmed that change makes it work on our M610 blades with 3.80.
But not everyone is going to be able to do those kind of changes so Dell really do need to get this fixed. At least the workaround suggests it should be extremely easy for Dell to fix it.
DELL-Josh Cr
Moderator
Moderator
•
8.5K Posts
0
April 25th, 2017 14:00
Hi,
Is the iDRAC firmware up to date? There were some changes to OpenSSL in the last version.
E5-2660
33 Posts
0
April 27th, 2017 00:00
Hi Josh,
yes, iDRAC is at 3.80. This isn't related to SSL but to Java's JAR file signatures, the JAR files downloaded for Jviewer from the iDRAC are not signed in a way still accepted by current Java.
E5-2660
33 Posts
0
April 27th, 2017 03:00
This is what you get when you download the jar files for JViewer and try to verify them:
% jarsigner -verify JViewer.jar
jar verified.
Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2018-12-12) or after any future revocation date.
Re-run with the -verbose and -certs options for more details.
% jarsigner -verify Linux_x86_64.jar
jar verified.
Warning:
This jar contains entries whose signer certificate has expired.
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2012-07-27) or after any future revocation date.
Re-run with the -verbose and -certs options for more details.
DELL-Josh Cr
Moderator
Moderator
•
8.5K Posts
0
April 27th, 2017 10:00
I would continue to use the older java version.
b.lange
1 Message
1
May 5th, 2017 13:00
I can confirm this issue for our M710 blades. Adding it to the whitelist in the Java Control Panel does not fix it.
iDRAC on R610 is not affected, it uses a different version.
From what it looks like only the blades are causing issues.
I am sure there are some M915 systems out there with support.
Is there any chance we will see an updated iDRAC release?
js138
2 Posts
1
May 11th, 2017 05:00
This is not an option for most people whose security patches and updates are applied automatically, or in a timely fashion.
Having the JAR resources signed by the same certificate doesn't on the face of it seem like it would be too hard to arrange?
frednix81
2 Posts
1
June 13th, 2017 03:00
Hello,
same problem for us.
Alternative workaround to downgrade to java <1.8.20, you can comment this line in lib/security/java.security:
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
Please pay attention to the fact that by doing this you will decrease the protection level of your browser.
Decide youserlf what is worst: using an old version of java or trust application signed with weak algorithms.
E5-2660
33 Posts
1
August 14th, 2017 04:00
There was even an unexpected update of the IDRAC6 firmware to version 3.85, but it didn't fix this problem.