Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[All Services] IBM Java results in only the 3DES cipher suite being choosen #610

Closed
coxd opened this issue Mar 9, 2017 · 22 comments · Fixed by #617
Closed

[All Services] IBM Java results in only the 3DES cipher suite being choosen #610

coxd opened this issue Mar 9, 2017 · 22 comments · Fixed by #617
Assignees
@germanattanasio
Labels
bug in progress

Comments

@coxd
Copy link

coxd commented Mar 9, 2017

IBM Java (any version) has incompatibilities with the OkHttpClient that are documented here. It is possible OkHttpClient may resolve this issue soon as there is current activity on it.

This issue proposes a solution that involves configuring OkHttpClient with a custom SSLContext but I believe would require reflection to only do this when IBM Java is in use (you would not want to interfere with defaults on other platforms/JDKs).
@bruceadams
Copy link

A lightweight way to figure out if code is running on IBM Java is by looking at the Java System Property java.vm.name. The value of that property, across many releases of IBM Java is IBM J9 VM. In Java code, this is roughly:

if ( System.getProperty("java.vm.name").equals("IBM J9 VM") ) { ... }

@germanattanasio
Copy link
Contributor

What's the output of that if running in Android?

@bruceadams
Copy link

I don't have an easy way to try it on Android. It most certainly is not IBM J9 VM on Android. I suppose there is a risk that it's not defined, which means the Java code should get flipped around to avoid a Null Pointer Exception:

if ( "IBM J9 VM".equals(System.getProperty("java.vm.name")) ) { ... }

@bruceadams
Copy link

The OkHttpClient issue square/okhttp#3173 has been closed by this pull request square/okhttp#3218 being merged into master. Do we want to test that this (not yet released) change to OkHttpClient works for us?

This was referenced Mar 16, 2017
Merged
Closed
@germanattanasio
Copy link
Contributor

@bruceadams I tried the solution from this gist but I'm still seeing the error.

Here is what I'm doing: https://gist.github.com/germanattanasio/3f0e7458328e817b4e63952ffaa93da2

@germanattanasio germanattanasio self-assigned this Mar 17, 2017
@germanattanasio germanattanasio mentioned this issue Mar 20, 2017
Closed
@asidd
Copy link

asidd commented Mar 21, 2017

@germanattanasio - what's update on this issue

@ShubhamSharmaCSE
Copy link

Please can anyone provide me about the details of how to tackle this issue, I have a submission of my final year project this week but this error is not letting us test our project .

Thanks.

@bruceadams
Copy link

@ShubhamSharmaCSE The easiest workaround is to use OpenJDK or Oracle Java instead of IBM Java. Can you do that?

@mjoellnier
Copy link

@bruceadams how can this be done? can this be done even when the project is hosted on bluemix?

I also have a presentation of my project next tuesday... hopefully there will be a way to get it working again.

Thank you!

@craigeebach
Copy link

You might try moving back to the previous buildpack until the issue is resolved. For example, I believe the previous liberty buildpack uses a slightly older 1.8 IBM JRE in which this issue does not occur. I'm not sure about other non-liberty buildpacks but that's what changed and what introduced the issue in my own experience.

You can view the buildpacks from the cf cli by running cf buildpacks. The previous buildpack can be specified during deployment by setting the "-b" option on the push command or by forcing the buildpack version on the manifest.yml through the buildpack option. For example the previous version of the liberty buildpack is liberty-for-java_v3_7-20170118-2046.

@mjoellnier
Copy link

Thank you @craigeebach ! Works perfect for me

@tahir-mehmood
Copy link

I have resolved it by using OpenJDK instead of IBM JDK.

@bruceadams
Copy link

A little experiment, https://github.com/bruceadams/j9experiment, that demonstrates that the square/okhttp#3173 fix does successfully fix this issue.

@lagarwalla
Copy link

I also faced the issue after our instance moved to Liberty buildback 3.8. This issue is resolved after using previous buildpack of 3.7

@germanattanasio germanattanasio mentioned this issue Mar 31, 2017
Merged
@sacpopli
Copy link

sacpopli commented Apr 3, 2017

I used 3.7.0 version of conversation, but the issue still persists.

com.ibm.watson.developer_cloud conversation 3.7.0

Is there anything wrong i am doing here?

@germanattanasio
Copy link
Contributor

You need to use 3.7.1

@pieterjanverbruggen
Copy link

pieterjanverbruggen commented Apr 5, 2017
edited
Loading

Hi all,

I still have this issue when deploying to Watson. In Netbeans it seems to work fine though.. Below the error but let me first give you the versions of the POM file as I am using 3.7.1

<parent>
        <groupId>net.wasdev.maven.parent</groupId>
        <artifactId>java7-parent</artifactId>
        <version>1.4</version>
    </parent>

    <groupId>net.wasdev.wlp.sample</groupId>
    <artifactId>MyFirstDutchChatbot</artifactId>
    <version>1.0</version>
    <packaging>war</packaging>

    <name>MyApp</name>

    <licenses>
        <license>
            <name>The Apache Software License, Version 2.0</name>
            <url>https://raw.github.com/WASdev/sample.servlet/master/LICENSE</url>
            <distribution>repo</distribution>
        </license>
    </licenses>


    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.specs</groupId>
                <artifactId>geronimo-servlet_3.0_spec</artifactId>
                <version>1.0</version>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <dependencies>
        <dependency>
            <groupId>org.apache.geronimo.specs</groupId>
            <artifactId>geronimo-servlet_3.0_spec</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
            **<groupId>com.ibm.watson.developer_cloud</groupId>
            <artifactId>java-sdk</artifactId>
            <version>3.7.1</version>**
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
            <version>2.4.4</version>
        </dependency>
        <dependency>
            <groupId>org.json</groupId>
            <artifactId>json</artifactId>
            <version>20160212</version>
        </dependency>
        <dependency>
            <groupId>com.microsoft.ews-java-api</groupId>
            <artifactId>ews-java-api</artifactId>
            <version>2.0</version>
        </dependency>
    </dependencies>

Error 500: java.lang.RuntimeException: java.net.UnknownServiceException: Unable to find acceptable protocols. isFallback=false, modes=[ConnectionSpec(cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA], tlsVersions=[TLS_1_2, TLS_1_1, TLS_1_0], supportsTlsExtensions=true), ConnectionSpec(cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA], tlsVersions=[TLS_1_0], supportsTlsExtensions=true), ConnectionSpec()], supported protocols=[TLSv1, TLSv1.1, TLSv1.2]

@sacpopli
Copy link

sacpopli commented Apr 6, 2017 via email

@pieterjanverbruggen
Copy link

pieterjanverbruggen commented Apr 6, 2017
edited
Loading

How do you switch to openjdk, is it via Maven and/or a setting on Bluemix?

@sacpopli
Copy link

sacpopli commented Apr 6, 2017 via email

@pieterjanverbruggen
Copy link

@sacpopli My apologies for my ignorance regarding manifest files, I will try to not change this into a stack overflow post but could you perhaps point out on what I have to change in my manifest file? Based on what I could find I came up with the below but it is not accepted. I do want to avoid to set the open jdk as variable in the runtime properties. I want to put it in my manifest..

applications:
- path: target/App.war
  memory: 512M
  instances: 1
  domain: eu-gb.mybluemix.net
  name: myApp
  host: myApp
  disk_quota: 1024M
  buildpack: https://github.com/cloudfoundry/java-buildpack.git
  env:
    JBP_CONFIG_OPEN_JDK_JRE '{ jre: { version: 1.8.0_+ }}'
services:
- Watson Service - myService

@sacpopli
Copy link

sacpopli commented Apr 6, 2017 via email

@YathendraPrasad YathendraPrasad mentioned this issue Aug 31, 2017
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@germanattanasio germanattanasio

Labels
bug in progress
Milestone
No milestone