E5-2660
Bronze

Java update broke Jviewer on M610 IDRAC6

Jump to solution

After upgrading Java to 1.8.0_131, the Jviewer doesn't work anymore with the M610 blades. All you get is this error:

The only workaround so far was to do downgrade Java to 1.8.0_121.

0 Kudos
9 Replies
Moderator
Moderator

RE: Java update broke Jviewer on M610 IDRAC6

Jump to solution

Hi,

Is the iDRAC firmware up to date? There were some changes to OpenSSL in the last version. 

Thanks,
Josh Craig
Dell EMC Enterprise Support Services
Get support on Twitter @DellCaresPRO
0 Kudos
E5-2660
Bronze

RE: Java update broke Jviewer on M610 IDRAC6

Jump to solution

Hi Josh,

yes, iDRAC is at 3.80. This isn't related to SSL but to Java's JAR file signatures, the JAR files downloaded for Jviewer from the iDRAC are not signed in a way still accepted by current Java.

0 Kudos
E5-2660
Bronze

RE: Java update broke Jviewer on M610 IDRAC6

Jump to solution

This is what you get when you download the jar files for JViewer and try to verify them:

% jarsigner -verify JViewer.jar

jar verified.

Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2018-12-12) or after any future revocation date.

Re-run with the -verbose and -certs options for more details.

% jarsigner -verify Linux_x86_64.jar

jar verified.

Warning:
This jar contains entries whose signer certificate has expired.
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2012-07-27) or after any future revocation date.

Re-run with the -verbose and -certs options for more details.

0 Kudos
Moderator
Moderator

RE: Java update broke Jviewer on M610 IDRAC6

Jump to solution

I would continue to use the older java version. 

Thanks,
Josh Craig
Dell EMC Enterprise Support Services
Get support on Twitter @DellCaresPRO
0 Kudos
b.lange
Copper

RE: Java update broke Jviewer on M610 IDRAC6

Jump to solution

I can confirm this issue for our M710 blades. Adding it to the whitelist in the Java Control Panel does not fix it.
iDRAC on R610 is not affected, it uses a different version.

From what it looks like only the blades are causing issues.
I am sure there are some M915 systems out there with support.
Is there any chance we will see an updated iDRAC release?

js138
Copper

RE: Java update broke Jviewer on M610 IDRAC6

Jump to solution

This is not an option for most people whose security patches and updates are applied automatically, or in a timely fashion.

Having the JAR resources signed by the same certificate doesn't on the face of it seem like it would be too hard to arrange?

tlindgren
Copper

RE: Java update broke Jviewer on M610 IDRAC6

Jump to solution

The JAR file in question is signed with a MD5-based signature which was disabled in 1.8.0_131, this is what leads Java to reject the JAR file.

Until Dell do that a workaround is to edit C:\Program Files (x86)\Java\jre1.8.0_131\lib\security\java.security and remove the "MD5" from the jdk.jar.disabledAlgorithms line. I've confirmed that change makes it work on our M610 blades with 3.80.

But not everyone is going to be able to do those kind of changes so Dell really do need to get this fixed. At least the workaround suggests it should be extremely easy for Dell to fix it.

0 Kudos
frednix81
Copper

RE: Java update broke Jviewer on M610 IDRAC6

Jump to solution

Hello,

same problem for us.

Alternative workaround to downgrade to java <1.8.20, you can comment this line in lib/security/java.security:

      jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

Please pay attention to the fact that by doing this you will decrease the protection level of your browser.
Decide youserlf what is worst: using an old version of java or trust application signed with weak algorithms.

Highlighted
E5-2660
Bronze

RE: Java update broke Jviewer on M610 IDRAC6

Jump to solution

There was even an unexpected update of the IDRAC6 firmware to version 3.85, but it didn't fix this problem.