On my fedora 24 I am using the latest updates: Name : java-1.8.0-openjdk Arch : x86_64 Epoch : 1 Version : 1.8.0.111 Release : 5.b16.fc24 and Name : nss Arch : x86_64 Epoch : 0 Version : 3.28.1 Release : 1.3.fc24 When I built the engine from master today I saw that the engine core dumped every time I tried to login. I followed suggestion to update java.security from jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 to jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768, EC, ECDHE, ECDH This fixed sso but I saw core dump during host add: 2017-01-27 14:14:01,756+01 INFO [org.apache.sshd.common.util.SecurityUtils] (default task-58) BouncyCastle not registered, using the default JCE provider 2017-01-27 14:14:01,870+01 INFO [org.apache.sshd.client.session.ClientSessionImpl] (sshd-SshClient[26c9f7da]-nio2-thread-1) Client session created 2017-01-27 14:14:01,885+01 INFO [org.apache.sshd.client.session.ClientSessionImpl] (sshd-SshClient[26c9f7da]-nio2-thread-1) Server version string: SSH-2.0-OpenSSH_7.2 2017-01-27 14:14:01,886+01 INFO [org.apache.sshd.client.session.ClientSessionImpl] (sshd-SshClient[26c9f7da]-nio2-thread-1) Kex: server->client aes128-ctr hmac-sha2-256 none 2017-01-27 14:14:01,886+01 INFO [org.apache.sshd.client.session.ClientSessionImpl] (sshd-SshClient[26c9f7da]-nio2-thread-1) Kex: client->server aes128-ctr hmac-sha2-256 none 2017-01-27 14:14:01,896+01 WARN [org.apache.sshd.client.session.ClientSessionImpl] (sshd-SshClient[26c9f7da]-nio2-thread-1) Exception caught: java.security.ProviderException: java.lang.NegativeArraySizeException at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:147) at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:703) [rt.jar:1.8.0_111] at org.apache.sshd.common.kex.ECDH.getE(ECDH.java:59) at org.apache.sshd.client.kex.AbstractDHGClient.init(AbstractDHGClient.java:78) at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:359) at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:295) at org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:256) at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:731) at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:277) at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:187) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32) at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_111] at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30) at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) [rt.jar:1.8.0_111] at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157) [rt.jar:1.8.0_111] at sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553) [rt.jar:1.8.0_111] at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276) [rt.jar:1.8.0_111] at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297) [rt.jar:1.8.0_111] at java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:420) [rt.jar:1.8.0_111] at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173) at org.apache.sshd.common.io.nio2.Nio2Connector$1.onCompleted(Nio2Connector.java:53) at org.apache.sshd.common.io.nio2.Nio2Connector$1.onCompleted(Nio2Connector.java:46) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32) at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_111] at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30) at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) [rt.jar:1.8.0_111] at sun.nio.ch.Invoker$2.run(Invoker.java:218) [rt.jar:1.8.0_111] at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) [rt.jar:1.8.0_111] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_111] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_111] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_111] Caused by: java.lang.NegativeArraySizeException at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method) at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:128) ... 32 more downgrading java did not help and I was not able to downgrade nss due to conflicts.
According to email thread the issue was cause by the bug in OpenJDK tracked by BZ1415137. As it's have been solved and JDK fix has been posted to stable F24 repositories, moving this to ON_QA.
Newer version of jdk (java-1.8.0-openjdk to 1:1.8.0.121-1.b14.fc24) from updates-testing fixes the issue.
ok, works fine # grep ^jdk.tls.disabledAlgo /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-1.b14.fc24.x86_64/jre/lib/security/java.security jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768, EC, ECDHE, ECDH # rpm -q ovirt-engine-backend ovirt-engine-backend-4.1.1-0.0.master.20170131101233.gitf71669f.fc24.noarch # rpm -q java-1.8.0-openjdk java-1.8.0-openjdk-1.8.0.121-1.b14.fc24.x86_64