问题
I'm running into java.security.NoSuchAlgorithmException: EC AlgorithmParameters not available with Wildfly 8.2 (OpenJDK 1.8.0_31) on OpenShift (the exception is thrown by AmazonHttpClient).
It looks like there is a bug with OpenJDK 1.8 and ECC: https://bugzilla.redhat.com/show_bug.cgi?id=1167153
On of the suggested workarounds requires editing jre/lib/security/java.security to disable jdk.tls.disabledAlgorithms=EC,ECDHE,ECDH.
Or removing jre/lib/ext/sunec.jar
Unfortunately I'm not able to do this on OpenShift (missing permissions).
What would be the best workaround here? Can I alternatively switch to Oracle JDK (on OpenShift) which does not have this problem?
UPDATE:
I removed Sun java.security.Provider-s and added BouncyCastle instead:
static {
Security.removeProvider("SunEC");
Security.removeProvider("SUN");
Security.removeProvider("SunJSSE");
// ...
Security.addProvider(new BouncyCastleProvider());
}
Unfortunately BouncyCastle is not a JSSE provider (create an SSLContext instance using a Bouncy Castle provider) and
SSLContext.getInstance() fails with
NoSuchAlgorithmException: TLS SSLContext not available.
I also tried @Rudy De Busscher suggested answer, although I'm not in favor of manual setting
the env variable since it's something that can later easily be forgotten.
Instead, I added the JAVA_OPTS_EXT setting to $OPENSHIFT_DATA_DIR/.my_custom_env
and loaded it with source ${OPENSHIFT_DATA_DIR}.my_custom_env in
the .openshift/action_hooks/pre_start hook.
It didn't worked but since I would still need to use BouncyCastle for JSSE, I have given up this solution.
Fortunatelly I was able to switch back to OpenJDK 1.7 (via .openshift/markers/java7)
which "solved" the problem for now.
回答1:
Found a solution.
You can define a properties file to override some of the keys defined in the default JRE file jre/lib/security/java.security
This file can be specified in the JAVA_OPTS_EXT environment property of the OpenShift Gear.
These are the steps that we took to fix the issue.
Create the file
- rhc ssc
gearName - cd $OPENSHIFT_DATA_DIR
- vi
override_security.properties - content is
jdk.tls.disabledAlgorithms=EC,ECDHE,ECDH - pwd -> and note down (copy) the full path location of the just created file.
- exit
Set the environment variable
- rhc env set JAVA_OPTS_EXT=-Djava.security.properties=file:
fileLocation-agearName
Restart your gear/app
- rhc app restart -a
gearName
That did the trick for us.
来源:https://stackoverflow.com/questions/28999410/openjdk-on-openshift-nosuchalgorithmexception-ec-algorithmparameters-not-avai