Jruby jruby-1.7.0.preview1
JDK: Java(TM) SE Runtime Environment (build 1.7.0_05-b05)
I’m getting data from a REST webservice over HTTPS, and for days now it’s been fine.
I upgraded to Ubuntu 12.04 (from 11.10) over the weekend – and now this fails. I can only assume that something changed in my JVM during that time. I had thought I was on Java 7 before, so I’m very confused.
Either way the code that is fails on is the Net::HTTP.start part of:
require "net/http"
Net::HTTP.start(uri.host, :use_ssl => true, :ca_path => "/etc/ssl/certs") do |http|
#...
end
And the error is:
OpenSSL::SSL::SSLError: Certificates does not conform to algorithm constraints
from org/jruby/ext/openssl/SSLSocket.java:180:in `connect'
from /opt/jruby/active/lib/ruby/1.9/net/http.rb:799:in `connect'
from org/jruby/ext/timeout/Timeout.java:103:in `timeout'
from /opt/jruby/active/lib/ruby/1.9/net/http.rb:799:in `connect'
from /opt/jruby/active/lib/ruby/1.9/net/http.rb:755:in `do_start'
from /opt/jruby/active/lib/ruby/1.9/net/http.rb:744:in `start'
from /opt/jruby/active/lib/ruby/1.9/net/http.rb:557:in `start'
Any help would be appreciated.
EDIT:
I just tested this on Java 6, and it worked fine.
I’m wondering if it has to do with: https://forums.oracle.com/forums/thread.jspa?threadID=2405379
Found a solution outlined here:
http://sim.ivi.co/2011/07/java-se-7-release-security-enhancements.html
Short version:
Go into java_home/jre/lib/security/java.security
And change
to
However, please be aware that this re-enables MD2 hashing, which has proven to not be secure.
See:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409