title | tags | metaDescription | redirects | freshnessValidatedDate | |||||
---|---|---|---|---|---|---|---|---|---|
Infinite Tracing: Configure SSL for Java 7 and 8 |
|
For New Relic Infinite Tracing, how to implement a special configuration of Java Cryptographic Extensions (JCE) for certain older versions of Java. |
|
never |
Infinite Tracing requires special configuration of Java Cryptographic Extensions (JCE) for certain older versions of Java. This document provides guidelines on how to configure Java in this case.
For security and performance, New Relic strongly recommends upgrading to the latest Java 8 update. For HotSpot-based JVMs, none of the steps below are required after 8u251.You must follow this process if you meet ALL of the criteria below:
-
You are implementing Infinite Tracing
-
Your JVM does not support Application-Layer Protocol Negotiation (ALPN). New Relic has identified that these JVMs do not support ALPN and require configuration:
-
Oracle Java 7
-
Oracle Java 8 prior to update 251
-
OpenJDK Java 8 prior to update 252
New Relic has only confirmed that the JVMs above lack ALPN support. You should confirm with your vendor if ALPN support is present in your JVM.
-
If you use Tomcat, WebSphere, Weblogic, or another application server, refer to your application server's documentation about how to add a Java Cryptography Extension (JCE) in your application server.
Older Oracle JVMs require an extra update to allow JCE. Consult this Oracle TechNote for downloads and instructions.
New Relic has successfully tested OpenJDK Java 8 with Conscrypt. Complete the following:
-
Download the appropriate Conscrypt jar for your operating system.
-
Copy the Conscrypt jar to
JAVA_HOME/jre/lib/ext
. This directory should already exist, but if it doesn't, look for a directory namedext
underJAVA_HOME
. -
Edit the file
JAVA_HOME/jre/lib/security/java.security
. -
Under the lines that start with
security.provider
, increment the last number, and set the value toorg.conscrypt.OpenSSLProvider
. For example, if the last entry wassecurity.provider.10
, add this line:security.provider.11=org.conscrypt.OpenSSLProvider
When you finish these preliminary configurations, return to Language agents: Enable distributed tracing to finish setting up Infinite Tracing.