Created attachment 1433290 [details]
Java console output
Description of problem:
Avocent KVM viewer does not work with IcedTea plugin on F28. Connection Failed message is received.
Version-Release number of selected component (if applicable):
all the time
Steps to Reproduce:
1. log into KVM
2. attempt to launch KVM viewer
3. receive connection failed message
no KVM functionality works
KVM console window would appear and give console access to device
see attached output
I can confirm this.
for me the problem exists when trying to run the idrac 6 virtual console.
i am using HP IMPI remote access cards for the Microserver N54L. i just updated the firmware to latest version, 1.4 (from 1.3) and the issue still occurs.
I just checked on Fedora 27 and it is working there with Icedtea-web 1.7.1-5.fc27.
Wait. You are saying it is working in f27 and not in f28?
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
And notifying f27x28 few nits:
was jdk used in f27 also u171?
were the system crypto policies same? (update-crypto-policies --show)
Maybe used crypto policies changed between f27 and f28?
try update-crypto-policies --set LEGACY for check.
Maybe ITW have issue swith enforcing of https - try to put deployment.https.noenforce=true into ~/.config/icedtea-web/deployment.properties
Sorry for little ehelp., this is quite hard to reproduce as both idrac and impi and avocado are proprietary and you need something to observe (btw, clue how to debug this locally will be appreciated). Also I recall dell (idrac) have ITW in supported platforms.
For me setting the crypto-policies to LEGACY worked :-)
i was using F24 or F26 previously and performed an inplace upgrade via dnf system-upgrade to F28. after the upgrade to F28 it stopped working.
i have a practice of keeping very up-to-date while using a "supported" version of fedora (run dnf upgrade every few days), so i likely used most of the available versions of java/icedtea while on F24 or F26.
[brendan@desktop ~]$ update-crypto-policies --show
setting update-crypto-policies to LEGACY "fixes" the problem.
i am willing to attend a teamviewer or hangout session and share my screen for diagnostics.
Unluckily not much diagnostic needed.
Unless somebody in this thread disagree, I', for closing this bug as "not a bug"
Your servers are using some cryptographic settings
Your client is using some cryptographic settings
Until now, there was intersection, so they could communicate.
F28 removed insecure and legacy algorithms, so now the intersection is empty.
By update-crypto-policies -- set LEGACY you enable this intersection again.
The correct fix would be to adjust the servers to current century and newest security.