I'm getting the following exception when I enable SSL debug via -Djavax.net.debug=ssl:
java.security.NoSuchAlgorithmException: EC AlgorithmParameters not available
I'm running Centos 6.7, Open JDK 1.8.0_91 & Tomcat 7.0.63
My research indicates that this is a known bug: https://bugs.centos.org/view.php?id=9482
I found numerous sources indicating that a workaround for this is to disable the Elliptic Curve cipher algorithms by setting the following property in the jre/lib/security/java.security file:
jdk.tls.disabledAlgorithms=EC,ECDHE,ECDH
I looked at my java.security file and found that these algorithms were already disabled:
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keysize < 768, EC, ECDHE, ECDH
I tried changing this property to be exactly as shown in the examples I found and that did not work either. I also tried removing the jre/lib/ext/sunec.jar file, which again had no effect.
I've carefully traced my installation of Tomcat to ensure that the jre/lib/security/java.security file I'm modifying is the one Tomcat is running on.
If anyone has any ideas about what is going on here or how I can work around this problem I would be very grateful to get your input.
This question is related to OpenJDK on OpenShift: "NoSuchAlgorithmException: EC AlgorithmParameters not available" except I'm not using OpenShift and I am able to edit my java.security file to attempt the well known workaround. My problem is that the workaround does not work for me.
Related
I have started to face this problem. While trying to connect, I am facing an error stating that my traffic-manager version is 2.1.5 and it should be at least 2.4.5.
"telepresence connect" command checks for new versions and modifies it if there is any new version exists. So I am thinking that started to create a problem. Because I was using it as normal.
When I check the connector.log file these two lines create the problem.
connector/session : Existing Traffic Manager 2.6.5 not owned by cli or does not need upgrade, will not modify
connector/session : failed to connect to root daemon: rpc error: code = Unknown desc = unsupported traffic-manager version 2.1.5. Minimum supported version is 2.4.5
So somehow I have two versions now while checking for the update it hits 2.6.5 but while trying to run it tries with 2.1.5. Trying to uninstall telepresence but it also faces the same problem and I couldn't locate and delete traffic-manager 2.1.5. My OS is Windows 11.
Because of that, I am kind of blocked with my tests. Any help will be well appreciated. Thanks!
After asking the question, a new version arrived, if anyone encountered this problem, please update telepresence to 2.6.6. It is fixed now.
Anything that Atom + proto-repl does involves lein, so I decided to check out lein. 'lein help' works, but attempting 'lein repl' gives the following errors:
gw-mac-pro:~ gr$ lein repl
Could not find artifact proto-repl:proto-repl:jar:1.4.24 in central (https://repo1.maven.org/maven2/)
Could not find artifact proto-repl:proto-repl:jar:1.4.24 in clojars (https://repo.clojars.org/)
This could be due to a typo in :dependencies, file system permissions, or network issues.
If you are behind a proxy, try setting the 'http_proxy' environment variable.
Could not resolve dependencies
I get the same set of messages when I attempt to run code from within Atom.
I've searched for hours for any kind of arcana about Atom, lein, or proto-repl, and I'm amazed that searching on 'lein error could not find artifact' continues to find nothing useful.
I'm surprised that no one has encountered this same problem. I'm running on macOS Mojave (10.14.6). Can you help me? Thanks.
I'm unable to install almost any of the Paw extensions. Unfortunately several of the ones that won't install are the ones I really want! :)
I've tried almost all the code generators, and only found one that would install. e.g.
Swift + NSURLSession Code Generator — does not install
JavaScript + jQuery Code Generator — does not install
Objective-C + NSURLConnection Code Generator — does not install
WordPress Code Generator — does not install
The one that works:
Betamax.py Generator — does install
For those that don't work, the following appears in the console:
30/09/15 7:21:11.328 PM Paw[9673]: NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
It seems to be a "problem" with El Capitan. According to this question, iOS 9 and OSX 10.11 require TLSv1.2 SSL for all hosts you plan to request data from unless you specify exception domains in your app's Info.plist file.
I tried to manually edit Info.plist and add
<key>NSAppTransportSecurity</key>
<dict>
<!--Connect to anything (this is probably BAD)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
But, after that, I just could not start Paw anymore and got the following line on console
07/10/15 00:39:15,398 com.apple.xpc.launchd[1]: (com.luckymarmot.Paw.103392[905]) Service exited due to signal: Illegal instruction: 4
It's now fixed in Paw 2.2.5, which is ready now on the website, or in a couple of days on the Mac App Store.
When I try to debug or run a PHP script on my test Windows server using Aptana and PHP 5.4.24 (or the latest 5.4.x, 5.4.40), I am told "Malformed \uxxxx encoding" has occurred.
Given most material online about this error (with any Java code) refers to paths, I've tried installing this PHP version in two locations (and with an additionally different path), with no change. None of the paths contain the string "\u".
If I use PHP 5.5.12 instead, there's no error.
My production server uses 5.4.24, and I would prefer to leave it the way it is for the time being. I would like to debug using the same version of PHP.
A certain Igor appears to have had the same problem as me in July 2014: http://php.tutorialhorizon.com/how-to-debug-php-in-aptana-studio/#comment-2225
The offered solution "check your paths" hasn't helped me.
Log:
ENTRY org.eclipse.core.jobs 4 2 2015-04-21 13:44:19.026
!MESSAGE An internal error occurred during: "Launching website".
!STACK 0
java.lang.IllegalArgumentException: Malformed \uxxxx encoding.
at java.util.Properties.loadConvert(Unknown Source)
at java.util.Properties.load0(Unknown Source)
at java.util.Properties.load(Unknown Source)
at org2.eclipse.php.internal.debug.core.launching.XDebugExeLaunchConfigurationDelegate.isXDebugFunctional(XDebugExeLaunchConfigurationDelegate.java:310)
at org2.eclipse.php.internal.debug.core.launching.XDebugExeLaunchConfigurationDelegate.launch(XDebugExeLaunchConfigurationDelegate.java:86)
at org2.eclipse.php.internal.debug.core.launching.PHPLaunchDelegateProxy.launch(PHPLaunchDelegateProxy.java:71)
at org.eclipse.debug.internal.core.LaunchConfiguration.launch(LaunchConfiguration.java:858)
at org.eclipse.debug.internal.core.LaunchConfiguration.launch(LaunchConfiguration.java:707)
at org.eclipse.debug.internal.ui.DebugUIPlugin.buildAndLaunch(DebugUIPlugin.java:1018)
at org.eclipse.debug.internal.ui.DebugUIPlugin$8.run(DebugUIPlugin.java:1222)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:53)
Look at the property file or the file displayed in the error message and change the backslash to forwardslash:
...\user_projects... to .../user_projects...
Or
...\uxxxx... to .../uxxxx...
\u is a reserved keyword and throws the system off.
Note: "..." and "xxxx" are depicting anything in this case. Usually the error displays a line number one line below the actual line with the issue or so-called ...\u...
Reference: http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6555979
It is really disappointing that so many of these issues with java plague many of us and so many articles send people on a wild goose chase. Hope this helps someone.
Are there paths with /usr in them somewhere? The windows version of PHP can do odd things with slashes and backslashes. Without seeing your config it is hard to say.
My Problem
I compiled OpenSSL into QT to enable OpenSSL support. Everything appeared to go correctly in the compile.
However, when I try to use the official HTTP example application that can be found here, everytime I try to download an https page, it will signal two QSslError, each with contents NoError.
The types of QSslErrors, including NoError, are documented here, poorly. There is no explanation on why they even included an error type called NoError, or what it means.
Bizarrely, the NoError error code seems to be true, as it downloads the remote https document perfectly even while signaling the error.
Does anyone have any idea what this means and what could possibly be causing it?
Optional Background Reading
Here is the relevant part of the code from the example app (this is connected to the network connection's sslErrors signal by the constructor):
void HttpWindow::sslErrors(QNetworkReply*,const QList<QSslError> &errors)
{
QString errorString;
foreach (const QSslError &error, errors) {
if (!errorString.isEmpty())
errorString += ", ";
errorString += error.errorString();
}
if (QMessageBox::warning(this, tr("HTTP"),
tr("One or more SSL errors has occurred: %1").arg(errorString),
QMessageBox::Ignore | QMessageBox::Abort) == QMessageBox::Ignore) {
reply->ignoreSslErrors();
}
}
I have tried the old version of this example, and it produced the same result.
I have tried OpenSSL 1.0.0a and 0.9.8o. I have tried tried compiling OpenSSL myself, I have tried using pre-compiled versions of OpenSSL from the net. All produce the same result.
If this were my first time using QT with SSL, I would almost think this is the intended result (even though their example application is popping up error warning message windows), if not for the fact that last time I played with QT, using what would now be an old version of QT with an old version of SSL, I distinctly remember everything working fine with no error windows.
My system is running Windows 7 x64.
The only path where a QSslError can be constructed with a NoError code is during conversion from OpenSSL error codes to QSslError::SslError values, when the error code is X509_V_OK. There is an interesting note about this error code in the OpenSSL docs:
If no peer certificate was presented, the returned result code is X509_V_OK. This is because no verification error occurred, it does however not indicate success.
Can you check with Wireshark or something similar if the certificate is being transmitted?
I get 4 errors, 3 times over.
The 4 (expected) errors are:
1.The host name did not match any of the valid hosts for this certificate
2.The issuer certificate of a locally looked up certificate could not be found
3.The root CA certificate is not trusted for this purpose
4.No certificates could be verified
I suspect your "NoError" refers to the last (#4)...
The reason I got 3 repeats appears to be because there are 3 threads running - each fires the same sslErrors signal.
I suspect your 2 repeats were due to 2 threads running in the WebView widget.