Updating the JDK? Watch for Changes to Encryption!

It’s a good thing to keep up with the security updates that have been made to the Java JDK over the last few years, but it’s easy to leave a working installation alone until an audit comes around and you’re forced to upgrade your JDK. If you are moving from an older JDK to a newer JDK with JDE, there are a few things regarding encryption that you should keep in mind.

Many of the older JDK versions used encryption protocols and algorithms that have been disabled in the newer versions released over the past few years. You may experience issues after upgrading because of this, such as not being able to connect to the Server Manager Console, JDE logins failing on the web, web server metrics no longer being collected, or SSL connections breaking entirely.

If you have just upgraded your Java JDK and experience issues like these, you should try re-enabling the disabled algorithms. To do this, follow these simple steps:

  • Stop the agent, web server or Server Manager Console affected by this upgrade. If there is more than one, stop them all.
  • Locate the java.security file in the upgraded JDK. You should find it under the JDK\jre\lib\security folder.
  • Edit the java.security file and locate the following lines:

    jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 768, \
    EC keySize < 224

  • Comment out these lines by adding a hash mark to the beginning of each line:

    #jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 768, \
    #EC keySize < 224

  • Save the file and then restart the services that were stopped previously.
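To confirm what state the file is in after the edit, the following Python check (an added example, not from the original article or from Oracle) parses java.security text, joins the backslash continuation, and reports whether jdk.tls.disabledAlgorithms is active or commented out, which entries it lists, and whether the continuation line was left uncommented. The sample strings are constructed, the parser is a simplified reading of the properties format, and the stray-line test is a heuristic.

```python
import re

PROP = "jdk.tls.disabledAlgorithms"
VALUE = "SSLv3, MD5withRSA, DH keySize < 768, \\\n"

# Constructed samples mirroring the lines shown above (not from a real host).
ACTIVE = PROP + "=" + VALUE + "    EC keySize < 224\n"
COMMENTED = "#" + PROP + "=" + VALUE + "#EC keySize < 224\n"
HALF_COMMENTED = "#" + PROP + "=" + VALUE + "    EC keySize < 224\n"


def logical_lines(text):
    """Yield (is_comment, line), joining backslash continuations.
    Simplified properties parsing: a comment line never continues."""
    pending = None
    for raw in text.splitlines():
        line = raw.lstrip()
        if pending is None and (not line or line[0] in "#!"):
            if line:
                yield True, line
            continue
        current = (pending or "") + line
        trailing = len(current) - len(current.rstrip("\\"))
        if trailing % 2 == 1:      # odd number of backslashes: line continues
            pending = current[:-1]
        else:
            pending = None
            yield False, current
    if pending is not None:
        yield False, pending


def audit(text):
    """Report the state of jdk.tls.disabledAlgorithms in java.security text."""
    result = {"state": "absent", "entries": [], "stray": []}
    for is_comment, line in logical_lines(text):
        if is_comment:
            if line.lstrip("#! \t").startswith(PROP) and result["state"] == "absent":
                result["state"] = "commented"
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if not m:
            continue
        key, value = m.groups()
        if key == PROP:
            result["state"] = "active"
            result["entries"] = [e.strip() for e in value.split(",") if e.strip()]
        elif "." not in key and "keySize" in value:
            # Heuristic: leftover continuation line now parsed as its own property.
            result["stray"].append(line)
    return result
```

Pass `audit()` the contents of the upgraded JDK's java.security file; an empty `entries` list with state `commented` means every restriction in that property, including SSLv3 and MD5withRSA, is no longer being applied by this setting.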

For more information on this and other Java encryption issues with JDE, check out the following docs from Oracle support:

2353526.1, 2256869.1