Skip to content

Latest commit

 

History

History
58 lines (41 loc) · 3.11 KB

infinite-tracing-configuring-ssl-java-7-8.mdx

File metadata and controls

58 lines (41 loc) · 3.11 KB
Raw
title tags metaDescription redirects freshnessValidatedDate
Infinite Tracing: Configure SSL for Java 7 and 8
Understand dependencies
Distributed tracing
Infinite Tracing
For New Relic Infinite Tracing, how to implement a special configuration of Java Cryptographic Extensions (JCE) for certain older versions of Java.
/docs/understand-dependencies/distributed-tracing/enable-configure/configuring-ssl-infinite-tracing-java-7-8
/docs/understand-dependencies/distributed-tracing/other-requirements/infinite-tracing-configuring-ssl-java-7-8
never

Infinite Tracing requires special configuration of Java Cryptographic Extensions (JCE) for certain older versions of Java. This document provides guidelines on how to configure Java in this case.

For security and performance, New Relic strongly recommends upgrading to the latest Java 8 update. For HotSpot-based JVMs, none of the steps below are required after 8u251.

When to configure Java Cryptography [#when-configure]

You must follow this process if you meet ALL of the criteria below:

  • You are implementing Infinite Tracing

  • Your JVM does not support Application-Layer Protocol Negotiation (ALPN). New Relic has identified that these JVMs do not support ALPN and require configuration:

    • Oracle Java 7

    • Oracle Java 8 prior to update 251

    • OpenJDK Java 8 prior to update 252

      New Relic has only confirmed that the JVMs above lack ALPN support. You should confirm with your vendor if ALPN support is present in your JVM.

Application Server

If you use Tomcat, WebSphere, Weblogic, or another application server, refer to your application server's documentation about how to add a Java Cryptography Extension (JCE) in your application server.

Configure the export policy for Oracle JVMs [#export-policy]

Older Oracle JVMs require an extra update to allow JCE. Consult this Oracle TechNote for downloads and instructions.

Configuring Conscrypt for HotSpot JVMs [#conscrypt]

New Relic has successfully tested OpenJDK Java 8 with Conscrypt. Complete the following:

  1. Download the appropriate Conscrypt jar for your operating system.

  2. Copy the Conscrypt jar to JAVA_HOME/jre/lib/ext. This directory should already exist, but if it doesn't, look for a directory named ext under JAVA_HOME.

  3. Edit the file JAVA_HOME/jre/lib/security/java.security .

  4. Under the lines that start with security.provider, increment the last number, and set the value to org.conscrypt.OpenSSLProvider. For example, if the last entry was security.provider.10, add this line:

    security.provider.11=org.conscrypt.OpenSSLProvider

Finish setting up Infinite Tracing [#return-to-distributed-tracing]

When you finish these preliminary configurations, return to Language agents: Enable distributed tracing to finish setting up Infinite Tracing.