Bouncycastle JARs break large-key crypto operations

Description

When trying to use the org.opennms.core.web.HttpClientWrapper class to make an HTTPS client connection to a server supporting high-strength cipher suites, I get the following exception stack trace:

The bouncycastle JCE provider appears to be taking precedence over the JDK-provided one, resulting in this problem. Removing the bcprov JAR from OPENNMS_HOME/lib enables the connections to succeed.

We appear to have picked up an undeclared dependency on the following artifacts from group bouncycastle:

  • bcmail-jdk14
  • bcprov-jdk14
  • bctsp-jdk14

We have existing exclusions in the dependencies/jasper POM for bcmail and bcprov. Somebody thought iText could be the culprit.

Environment

Fedora 21 (4.1.8-100.fc21.x86_64 #1 SMP Tue Sep 22 12:13:06 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux) Oracle JDK 1.8_65

Acceptance / Success Criteria

None
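
A diagnostic for the provider-precedence question raised in the description, added here as an example and not taken from the original issue or from OpenNMS code: it lists the registered JCE providers in precedence order with the location each was loaded from, then reports which provider the JVM selects for a few algorithms. The class name `JceProviderPrecedence` and the algorithm list are assumptions chosen for illustration.

```java
import java.security.CodeSource;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;

// Hypothetical diagnostic class; run it with the same classpath and JVM
// options as the affected process so the provider list matches.
public class JceProviderPrecedence {

    // Where a provider class was loaded from; null means a JDK built-in.
    static String origin(Provider p) {
        CodeSource src = p.getClass().getProtectionDomain().getCodeSource();
        return (src == null || src.getLocation() == null)
                ? "(JDK built-in)" : src.getLocation().toString();
    }

    public static void main(String[] args) throws Exception {
        // Position 1 has the highest precedence when several providers
        // implement the same algorithm.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.printf("%2d  %-14s %s%n",
                    i + 1, providers[i].getName(), origin(providers[i]));
        }

        // "BC" is the name the Bouncy Castle provider registers under.
        Provider bc = Security.getProvider("BC");
        System.out.println(bc == null
                ? "BC provider: not registered"
                : "BC provider: registered from " + origin(bc));

        // Provider actually selected when no provider is named explicitly
        // (the algorithm list is illustrative, not taken from the issue).
        System.out.println("KeyAgreement DiffieHellman     -> "
                + KeyAgreement.getInstance("DiffieHellman").getProvider().getName());
        System.out.println("KeyPairGenerator DiffieHellman -> "
                + KeyPairGenerator.getInstance("DiffieHellman").getProvider().getName());
        System.out.println("Cipher AES/CBC/PKCS5Padding    -> "
                + Cipher.getInstance("AES/CBC/PKCS5Padding").getProvider().getName());
        System.out.println("Signature SHA256withRSA        -> "
                + Signature.getInstance("SHA256withRSA").getProvider().getName());
    }
}
```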

Activity

Ronny Trommer April 1, 2016 at 8:15 PM

Seems to be fixed, can we delete the associated branch? https://github.com/OpenNMS/opennms/tree/jira/NMS-7959

Benjamin Reed November 6, 2015 at 11:13 AM

This got fixed in foundation and has merged forward to all relevant branches.

Ronny Trommer November 4, 2015 at 3:44 AM

It is possible this issue also has an effect when you try to SSH in Karaf. The SSH connection breaks with connection refused. The ssh -v output looks like the following:

In Karaf you can see the following exception during the login:

Benjamin Reed November 3, 2015 at 1:32 PM

I believe I have the fix for this, just testing it now.

Fixed

Details

Created November 3, 2015 at 10:38 AM
Updated October 16, 2017 at 1:16 PM
Resolved November 6, 2015 at 11:13 AM