Created attachment 1054503 [details] output of "javaws -verbose session.jnlp" The KVM session viewer java program provided by Dell now fails to connect since I upgraded java-1.8.0-openjdk to version 1:1.8.0.51-4.b16.fc22. Last working version is 1.8.0.45-40.b14.fc22. The error message from Dell program is "Network connect error". I tried after removing ~/.cache/icedtea-web cache. Please tell me how I can provide more debugging details. Distro is Fedora-22 with updates-testing enabled, selinux in permissive mode.
Hello Fabrice! From the log I can see that ITW actually did its job and launched main class. So the error comes from custom application. Form side of ITW this would be closed-not a bug, but as the issue is obviously caused by openjdkk update, I will reassign it back to openjdk8. Omair - in u51 were fixes to connection, so jdk can be an cause. ITW really does not look liek an cause at all. Fabrice - the log from ITW is good. But for more investigations more verbose log from your Dell's app is necessary. Can you enable debugging in this application? Maye via soem <argument> ?
Giving it second though, Main fixes to connection were in https, where some algorithms were removed. Fabrice, if you look into java.security you may find list of excluded algorithms. Try to enable them an maybe then your app will work (note, it is not fix, fix is to update servers to use newer algorithms) Althoug I have not noted itw to connect to https. BNUt it does not need to mean that app can not connect to https later...
I don't see any https links in the log; where are you seeing these? RC4 was disabled in the security update because it is flawed. It should only be re-enabled if there is really no other way to update the other end of the connection.
As I had written. https connections are NOT in the logs. But id do not necessary need to mean, that application is not doing them on its own. Thats why log of the application is now needed more then log of ITW. Fabrice, if you willbe abel to enable debugging of your aplication, console of itw (enabled via itw-settings->debuffing) can filter out logs of ITW and show logs only of yours app.
(In reply to jiri vanek from comment #2) > Giving it second though, Main fixes to connection were in https, where some > algorithms were removed. Fabrice, if you look into java.security you may > find list of excluded algorithms. Try to enable them an maybe then your app > will work (note, it is not fix, fix is to update servers to use newer > algorithms) that's it : -jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768, EC, ECDHE, ECDH +jdk.tls.disabledAlgorithms=SSLv3, EC, ECDHE, ECDH
Hi Fabrice, so does everything work now?
Yes, it works now with this modification to java.security. Thanks for this help!
Great, thanks everyone! I will close this bug then.
Ah, so you fell afoul of the fix for the LOGJAM issue (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-4000). I suggest that the other end of the connection is upgraded ASAP, as such short Diffee-Hellman keys are very vulnerable.
*** Bug 1247772 has been marked as a duplicate of this bug. ***