Java 1.8.161+ breaks SF component activation

Java 1.8.161+ breaks SF component activation

book

Article ID: KB0082409

calendar_today

Updated On:

Products Versions
TIBCO Silver Fabric 5.8.1

Description

Java has changed default behavior of the key generation in Java 1.8.161 and newer versions.  When the SF Engine is updated to this version of Java, it will encounter the following error when trying to activate the component: 

02/06/18 15:30:48.277 SEVERE: [EngineEvent] while sending activate to wspra01a0025-3 for "VR_lab_shared_10443" java.lang.RuntimeException: Unable to encrypt data
        at com.livecluster.connection.crypt.CryptConnection.encrypt(CryptConnection.java:49)
        at com.datasynapse.fabric.broker.proxy.BasicFabricEngineProxy.sendActivate(BasicFabricEngineProxy.java:448)
        at com.datasynapse.fabric.broker.proxy.BasicFabricEngineProxy.activateDomain(BasicFabricEngineProxy.java:615)
        at com.datasynapse.fabric.broker.allocation.DefaultAllocationEntry.acquireEngines(DefaultAllocationEntry.java:278)
        at com.datasynapse.fabric.broker.allocation.DefaultAllocationManager.releaseAndAcquireEngines(DefaultAllocationManager.java:1109)
        at com.datasynapse.fabric.broker.allocation.DefaultAllocationManager.doAllocate(DefaultAllocationManager.java:529)
        at com.datasynapse.fabric.broker.allocation.DefaultAllocationManager.doReallocate(DefaultAllocationManager.java:1280)
        at com.datasynapse.fabric.broker.allocation.DefaultAllocationManager.reallocate(DefaultAllocationManager.java:1213)
        at com.datasynapse.fabric.broker.allocation.DefaultAllocationManager$6.run(DefaultAllocationManager.java:785)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.NoSuchAlgorithmException: Unsupported secret key algorithm: DES
        at com.sun.crypto.provider.DHKeyAgreement.engineGenerateSecret(DHKeyAgreement.java:387)
        at javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:648)
        at com.livecluster.security.AsymmetricCipher.generateSecretKey(AsymmetricCipher.java:97)
        at com.livecluster.security.DiffieHellmanCipher.generateSecretKey(DiffieHellmanCipher.java:29)
        at com.livecluster.connection.crypt.CryptConnection.key(CryptConnection.java:79)
        at com.livecluster.connection.crypt.CryptConnection.encrypt(CryptConnection.java:39)

Issue/Introduction

Java has changed default behavior which breaks SF component activation in newer versions.

Environment

Java 1.8.161+ Java 1.7.0_171+ Java 1.6.0_181+

Resolution

The workaround until Engineering implements a long term solution is to set the jdk.crypto.KeyAgreement.legacyKDF property to true for all relevant parts.  

There should be three locations for updating this java system property assuming all versions are running the new JDK.  
1) Engine Config
In the "Engine JVM" section of the engine configuration, you can set the "-Djdk.crypto.KeyAgreement.legacyKDF=true" value in the Command-line Arguments field.
2) Server.sh
The "-Djdk.crypto.KeyAgreement.legacyKDF=true" value can be set in the FABRIC_OPTS variable.
3) CLI
The "-Djdk.crypto.KeyAgreement.legacyKDF=true" can be set on the command line as you are running the CLI:
Commands use the following form:
fabric [-Fproperties.file] [-Dprop1 -Dprop2 ...] command [arg1 arg2 ...]

Additional Information

http://www.oracle.com/technetwork/java/javase/8u161-relnotes-4021379.html
Powered by Wolken Software