Description of problem:
Java update 8.131 to 8.141 results in ssl handshake errors because of signature alg. error

Stacktraces :

Caused by: com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Certificate signature algorithm disabled
    at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:117) ~[na:1.8.0_141]
    at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:208) ~[na:1.8.0_141]
    at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:130) ~[na:1.8.0_141]
    at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:124) ~[na:1.8.0_141]
    at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:1121) ~[na:1.8.0_141]
    at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:1035) ~[na:1.8.0_141]
    at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:1004) ~[na:1.8.0_141]
    at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:862) ~[na:1.8.0_141]
    at com.sun.xml.internal.ws.client.Stub.process(Stub.java:448) ~[na:1.8.0_141]
    at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:178) ~[na:1.8.0_141]
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:93) ~[na:1.8.0_141]
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:77) ~[na:1.8.0_141]
    at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:147) ~[na:1.8.0_141]
    at com.sun.proxy.$Proxy100.editUser(Unknown Source) ~[na:na]
    at de.kvconnect.server.csr.ejbca.CsrDAO.editUser(CsrDAO.java:222) ~[de.kvconnect.server.csr.ejbca-1.1.0.jar:na]
    at de.kvconnect.server.csr.ejbca.CsrDAO.pkcs10Request(CsrDAO.java:239) ~[de.kvconnect.server.csr.ejbca-1.1.0.jar:na]
    at de.kvconnect.server.csr.ejbca.CsrDAO.createAndSignCertificate(CsrDAO.java:91) ~[de.kvconnect.server.csr.ejbca-1.1.0.jar:na]
    ... 37 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Certificate signature algorithm disabled
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_141]
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959) ~[na:1.8.0_141]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[na:1.8.0_141]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[na:1.8.0_141]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) ~[na:1.8.0_141]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[na:1.8.0_141]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[na:1.8.0_141]
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) ~[na:1.8.0_141]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) ~[na:1.8.0_141]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) ~[na:1.8.0_141]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) ~[na:1.8.0_141]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) ~[na:1.8.0_141]
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) ~[na:1.8.0_141]
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) ~[na:1.8.0_141]
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316) ~[na:1.8.0_141]
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291) ~[na:1.8.0_141]
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250) ~[na:1.8.0_141]
    at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:104) ~[na:1.8.0_141]
    ... 53 common frames omitted
Caused by: sun.security.validator.ValidatorException: Certificate signature algorithm disabled
    at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:194) ~[na:1.8.0_141]
    at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.8.0_141]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_141]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[na:1.8.0_141]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[na:1.8.0_141]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ~[na:1.8.0_141]
    ... 66 common frames omitted
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: SHA512WithRSAEncryption

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux 7.3
java-1.8.0-openjdk-1.8.0.141-2.b16.el7_4.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.141-2.b16.el7_4.x86_64/jre/bin/java)
tomcat-7.0.69-12.el7_3.noarch
Tomcat (warfile) Java tls connection to Wildfly 10 (.ear file) relationship is normal keystore/truststore.

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Certificate signature algorithm disabled
SSL handshakes failed.

Expected results:
No errors with TLS handshakes.

Additional info:

Created attachment 1320607: Reproducer program

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0872