I was trying to log in to a Brocade Fiber Channel Switch earlier on, and as always the ugly Java monster reared its ugly head.
Well, I usually get warnings and errors that have to do with the security level of the site... But I've already added this IP to the Java trusted sites and I've set Java security level as low as I can. What now? Let's investigate a bit further.
Let's view the certificate details:
Well. That didn't help me that much. A bunch of "unknown source" java errors and a certificate. Well, let's go with that. The certificate. So, what I did next was disable certificate checks and accept SSLv2 (yes, yes I know).
I thought that this was going to do the trick. Surprise, surprise it didn't. So what next? Well, mess around with the java.security file. To do that, we have to find out which java version we're using:
OK, so 8 U51 it is. So now, I need to go to C:\Program Files (x86)\Java\jre\1.8.0_51\lib\security and edit the java.security file so that anything SSL-related is commented out.
And that was all it took. Obviously after finishing you should revert these changes as it makes any SSL connections with java completely insecure.
Java, I hate you more than I hate Windows. 10. With all the botnet "features" enabled.
Well, I usually get warnings and errors that have to do with the security level of the site... But I've already added this IP to the Java trusted sites and I've set Java security level as low as I can. What now? Let's investigate a bit further.
Let's view the certificate details:
Well. That didn't help me that much. A bunch of "unknown source" java errors and a certificate. Well, let's go with that. The certificate. So, what I did next was disable certificate checks and accept SSLv2 (yes, yes I know).
I thought that this was going to do the trick. Surprise, surprise it didn't. So what next? Well, mess around with the java.security file. To do that, we have to find out which java version we're using:
OK, so 8 U51 it is. So now, I need to go to C:\Program Files (x86)\Java\jre\1.8.0_51\lib\security and edit the java.security file so that anything SSL-related is commented out.
....
#jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
....
#jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
....
#jdk.tls.legacyAlgorithms= \
# K_NULL, C_NULL, M_NULL, \
# DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
# DH_RSA_EXPORT, RSA_EXPORT, \
# DH_anon, ECDH_anon, \
# RC4_128, RC4_40, DES_CBC, DES40_CBCAnd that was all it took. Obviously after finishing you should revert these changes as it makes any SSL connections with java completely insecure.
Java, I hate you more than I hate Windows. 10. With all the botnet "features" enabled.
No comments:
Post a Comment