SSL support not working (likely due to SecureRandom) #224

Closed
cowboygneox opened this Issue Jan 3, 2017 · 11 comments

Comments

Projects
None yet
2 participants
@cowboygneox
Collaborator

cowboygneox commented Jan 3, 2017

I'm looking into this, but following my own instructions, I can't get SSL support to work on my Mac. I'm not sure what changed or how it broke. I do know that SSL works just fine if you use the Docker image.

Work Around: Use the Docker image for testing.

@quiqua

This comment has been minimized.

Show comment
Hide comment
@quiqua

quiqua Jan 3, 2017

Contributor

Worked for me on my Mac:

export JAVA_HOME="$(/usr/libexec/java_home -v 1.8)"
sudo keytool -importcert -keystore $JAVA_HOME/jre/lib/security/cacerts -file betamax.pem -alias betamax -storepass changeit -noprompt

Related: http://stackoverflow.com/questions/6588390/where-is-java-home-on-osx-sierra-10-12-el-captain-10-11-yosemite-10-10

Contributor

quiqua commented Jan 3, 2017

Worked for me on my Mac:

export JAVA_HOME="$(/usr/libexec/java_home -v 1.8)"
sudo keytool -importcert -keystore $JAVA_HOME/jre/lib/security/cacerts -file betamax.pem -alias betamax -storepass changeit -noprompt

Related: http://stackoverflow.com/questions/6588390/where-is-java-home-on-osx-sierra-10-12-el-captain-10-11-yosemite-10-10

@cowboygneox

This comment has been minimized.

Show comment
Hide comment
@cowboygneox

cowboygneox Jan 3, 2017

Collaborator

@quiqua JDK version?

Collaborator

cowboygneox commented Jan 3, 2017

@quiqua JDK version?

@cowboygneox

This comment has been minimized.

Show comment
Hide comment
@cowboygneox

cowboygneox Jan 3, 2017

Collaborator

Mine:

$ echo $JAVA_HOME
/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home
Collaborator

cowboygneox commented Jan 3, 2017

Mine:

$ echo $JAVA_HOME
/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home
@quiqua

This comment has been minimized.

Show comment
Hide comment
@quiqua

quiqua Jan 3, 2017

Contributor
java -version
java version "1.8.0_102"
Java(TM) SE Runtime Environment (build 1.8.0_102-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.102-b14, mixed mode)

Installed via brew cask, but didn't upgrade recently.
/usr/local/Caskroom/java/1.8.0_102-b14 (227.5M)

Contributor

quiqua commented Jan 3, 2017

java -version
java version "1.8.0_102"
Java(TM) SE Runtime Environment (build 1.8.0_102-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.102-b14, mixed mode)

Installed via brew cask, but didn't upgrade recently.
/usr/local/Caskroom/java/1.8.0_102-b14 (227.5M)

@cowboygneox

This comment has been minimized.

Show comment
Hide comment
@cowboygneox

cowboygneox Jan 3, 2017

Collaborator

Actually, once I actually installed the cert into 8u112, it worked. However, I still can't get 8u111 to work...probably why 8u112 exists...

Collaborator

cowboygneox commented Jan 3, 2017

Actually, once I actually installed the cert into 8u112, it worked. However, I still can't get 8u111 to work...probably why 8u112 exists...

@cowboygneox

This comment has been minimized.

Show comment
Hide comment
@cowboygneox

cowboygneox Jan 3, 2017

Collaborator

Of all of the problems I've had in my life, SecureRandom appears to be the worst, and I've broken my knee and had two surgeries on it.

Collaborator

cowboygneox commented Jan 3, 2017

Of all of the problems I've had in my life, SecureRandom appears to be the worst, and I've broken my knee and had two surgeries on it.

@cowboygneox

This comment has been minimized.

Show comment
Hide comment
@cowboygneox

cowboygneox Jan 3, 2017

Collaborator

If you look in the logs of the latest failed Travis build, you see a lot of this:

Failed to generate a seed from SecureRandom within 3 seconds. Not enough entrophy?

That's likely the issue I'm running into locally.

Collaborator

cowboygneox commented Jan 3, 2017

If you look in the logs of the latest failed Travis build, you see a lot of this:

Failed to generate a seed from SecureRandom within 3 seconds. Not enough entrophy?

That's likely the issue I'm running into locally.

@cowboygneox

This comment has been minimized.

Show comment
Hide comment
@cowboygneox

cowboygneox Jan 3, 2017

Collaborator

My 8u111 is now working as well. I'm increasingly confident it's a SecureRandom issue.

Collaborator

cowboygneox commented Jan 3, 2017

My 8u111 is now working as well. I'm increasingly confident it's a SecureRandom issue.

@cowboygneox cowboygneox changed the title from SSL support not working on a Mac to SSL support not working (likely due to SecureRandom) Jan 3, 2017

cowboygneox added a commit that referenced this issue Jan 3, 2017

cowboygneox added a commit that referenced this issue Jan 3, 2017

cowboygneox added a commit that referenced this issue Jan 3, 2017

cowboygneox added a commit that referenced this issue Jan 3, 2017

@cowboygneox

This comment has been minimized.

Show comment
Hide comment
@cowboygneox

cowboygneox Jan 3, 2017

Collaborator

I'm going to explore this a bit more, but based on the release notes for JDK 8u112, I think I'm going to make the recommended JDK for Betamax to be 8u112.

Collaborator

cowboygneox commented Jan 3, 2017

I'm going to explore this a bit more, but based on the release notes for JDK 8u112, I think I'm going to make the recommended JDK for Betamax to be 8u112.

@cowboygneox

This comment has been minimized.

Show comment
Hide comment
@cowboygneox

cowboygneox Jan 3, 2017

Collaborator

I'm also probably going to suggest switching to use /dev/urandom. https://docs.oracle.com/cd/E13209_01/wlcp/wlss30/configwlss/jvmrand.html.

Collaborator

cowboygneox commented Jan 3, 2017

I'm also probably going to suggest switching to use /dev/urandom. https://docs.oracle.com/cd/E13209_01/wlcp/wlss30/configwlss/jvmrand.html.

cowboygneox added a commit that referenced this issue Jan 3, 2017

cowboygneox added a commit that referenced this issue Jan 3, 2017

cowboygneox added a commit that referenced this issue Jan 3, 2017

cowboygneox added a commit that referenced this issue Jan 3, 2017

@cowboygneox

This comment has been minimized.

Show comment
Hide comment
@cowboygneox

cowboygneox Jan 3, 2017

Collaborator

Resolved by #225.

Collaborator

cowboygneox commented Jan 3, 2017

Resolved by #225.

@cowboygneox cowboygneox closed this Jan 3, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment