Task #12339 (closed)

Opened 8 years ago

Closed 8 years ago

BUG: Insight with Java 8 fails to connect to some servers

Reported by: spli
Owned by: jburel
Priority: blocker
Milestone: 5.0.4
Component: Insight
Version: 5.0.2
Keywords: java8
Cc: java@…, ux@…
Resources: n.a.
Referenced By: n.a.
References: n.a.
Remaining Time: n.a.
Sprint: n.a.

Description

Running Insight Ice35 on OS X with Java 1.8.0_05 I can't connect to:
OMERO.server-5.0.2-ice35-b26 running with Linux OpenJDK 1.7.0_55

!! 29/05/14 11:50:11:442 error: Ice.ThreadPool.Client-0: exception in `Ice.ThreadPool.Client':
   java.lang.RuntimeException: Algorithm NONE not available
   	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1362)
   	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:529)
   	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:807)
   	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:775)
   	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
   	at IceSSL.TransceiverI.handshakeNonBlocking(TransceiverI.java:543)
   	at IceSSL.TransceiverI.initialize(TransceiverI.java:109)
   	at Ice.ConnectionI.initialize(ConnectionI.java:1933)
   	at Ice.ConnectionI.message(ConnectionI.java:1084)
   	at IceInternal.ThreadPool.run(ThreadPool.java:321)
   	at IceInternal.ThreadPool.access$300(ThreadPool.java:12)
   	at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:693)
   	at java.lang.Thread.run(Thread.java:745)
   Caused by: java.lang.RuntimeException: Algorithm NONE not available
   	at sun.security.ssl.JsseJce.getMessageDigest(JsseJce.java:354)
   	at sun.security.ssl.CloneableDigest.getDigest(HandshakeHash.java:310)
   	at sun.security.ssl.HandshakeHash.setFinishedAlg(HandshakeHash.java:229)
   	at sun.security.ssl.ClientHandshaker.serverHello(ClientHandshaker.java:473)
   	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:146)
   	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)
   	at sun.security.ssl.Handshaker$1.run(Handshaker.java:865)
   	at sun.security.ssl.Handshaker$1.run(Handshaker.java:862)
   	at java.security.AccessController.doPrivileged(Native Method)
   	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1302)
   	at IceSSL.TransceiverI.handshakeNonBlocking(TransceiverI.java:530)
   	... 7 more
   Caused by: java.security.NoSuchAlgorithmException: NONE MessageDigest not available
   	at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
   	at java.security.Security.getImpl(Security.java:695)
   	at java.security.MessageDigest.getInstance(MessageDigest.java:159)
   	at sun.security.ssl.JsseJce.getMessageDigest(JsseJce.java:349)
   	... 17 more
   
   event handler: local address = <not available>
   remote address = 127.0.0.1:4064
!! 29/05/14 11:50:16:448 error: Ice.ThreadPool.Client-1: exception in `Ice.ThreadPool.Client':
   java.lang.RuntimeException: Algorithm NONE not available
   	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1362)
   	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:529)
   	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:807)
   	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:775)
   	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
   	at IceSSL.TransceiverI.handshakeNonBlocking(TransceiverI.java:543)
   	at IceSSL.TransceiverI.initialize(TransceiverI.java:109)
   	at Ice.ConnectionI.initialize(ConnectionI.java:1933)
   	at Ice.ConnectionI.message(ConnectionI.java:1084)
   	at IceInternal.ThreadPool.run(ThreadPool.java:321)
   	at IceInternal.ThreadPool.access$300(ThreadPool.java:12)
   	at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:693)
   	at java.lang.Thread.run(Thread.java:745)
   Caused by: java.lang.RuntimeException: Algorithm NONE not available
   	at sun.security.ssl.JsseJce.getMessageDigest(JsseJce.java:354)
   	at sun.security.ssl.CloneableDigest.getDigest(HandshakeHash.java:310)
   	at sun.security.ssl.HandshakeHash.setFinishedAlg(HandshakeHash.java:229)
   	at sun.security.ssl.ClientHandshaker.serverHello(ClientHandshaker.java:473)
   	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:146)
   	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)
   	at sun.security.ssl.Handshaker$1.run(Handshaker.java:865)
   	at sun.security.ssl.Handshaker$1.run(Handshaker.java:862)
   	at java.security.AccessController.doPrivileged(Native Method)
   	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1302)
   	at IceSSL.TransceiverI.handshakeNonBlocking(TransceiverI.java:530)
   	... 7 more
   Caused by: java.security.NoSuchAlgorithmException: NONE MessageDigest not available
   	at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
   	at java.security.Security.getImpl(Security.java:695)
   	at java.security.MessageDigest.getInstance(MessageDigest.java:159)
   	at sun.security.ssl.JsseJce.getMessageDigest(JsseJce.java:349)
   	... 17 more
   
   event handler: local address = <not available>
   remote address = 0:0:0:0:0:0:0:1:4064

Mark Woodbridge reports being unable to connect to a 1.8.0_05 ice35 server from Linux/Windows? running 1.8.0_05: http://lists.openmicroscopy.org.uk/pipermail/ome-users/2014-May/004464.html

Note: if testing this on a Mac, opening the Insight client from the Desktop uses the default system Java even if you've installed a more recent Java, so to test this you should download the Linux client package and use the scripts from the command line.

I can successfully connect to gretzky (1.6.0_20, ice33), ome-ci-c6-07 (1.7.0_05-icedtea, ice34), and also a local ice35 server running under 1.8.0_05.

Change History (19)

comment:1 Changed 8 years ago by jamoore

  • Milestone changed from Unscheduled to 5.0.3

comment:2 Changed 8 years ago by cblackburn

  • Priority changed from major to blocker

Using the 64-bit Ice-35 5.0.2 clients on Windows 8 with Java 8 installed I can't connect to local or remote servers. The exception I get is:

OMERO address: nightshade.openmicroscopy.org
User Name: cblackburn -- Password: ************
org.openmicroscopy.shoola.env.data.DSOutOfServiceException: Can't connect to OMERO. OMERO info not valid.

Ice.ConnectionLostException
    error = 0
	at IceInternal.ConnectRequestHandler.getConnection(ConnectRequestHandler.java:244)
	at IceInternal.ConnectRequestHandler.sendRequest(ConnectRequestHandler.java:141)
	at IceInternal.Outgoing.invoke(Outgoing.java:77)
	at Ice._ObjectDelM.ice_isA(_ObjectDelM.java:33)
	at Ice.ObjectPrxHelperBase.ice_isA(ObjectPrxHelperBase.java:98)
	at Ice.ObjectPrxHelperBase.ice_isA(ObjectPrxHelperBase.java:61)
	at Glacier2.RouterPrxHelper.checkedCast(RouterPrxHelper.java:2262)
	at omero.client.getRouter(client.java:770)
	at omero.client.createSession(client.java:693)
	at org.openmicroscopy.shoola.env.data.OMEROGateway.createSession(OMEROGateway.java:1853)
	at org.openmicroscopy.shoola.env.data.DataServicesFactory.connect(DataServicesFactory.java:590)
	at org.openmicroscopy.shoola.env.data.login.LoginServiceImpl.attempt(LoginServiceImpl.java:136)
	at org.openmicroscopy.shoola.env.data.login.LoginServiceImpl.login(LoginServiceImpl.java:265)
	at org.openmicroscopy.shoola.env.data.login.LoginManager.login(LoginManager.java:98)
	at org.openmicroscopy.shoola.env.init.SplashScreenInit.onEnd(SplashScreenInit.java:169)
	at org.openmicroscopy.shoola.env.init.Initializer.notifyEnd(Initializer.java:189)
	at org.openmicroscopy.shoola.env.Container.runStartupProcedure(Container.java:129)
	at org.openmicroscopy.shoola.env.Container.access$000(Container.java:78)
	at org.openmicroscopy.shoola.env.Container$1.run(Container.java:174)
	at java.lang.Thread.run(Unknown Source)

	at org.openmicroscopy.shoola.env.data.OMEROGateway.createSession(OMEROGateway.java:1872)
	at org.openmicroscopy.shoola.env.data.DataServicesFactory.connect(DataServicesFactory.java:590)
	at org.openmicroscopy.shoola.env.data.login.LoginServiceImpl.attempt(LoginServiceImpl.java:136)
	at org.openmicroscopy.shoola.env.data.login.LoginServiceImpl.login(LoginServiceImpl.java:265)
	at org.openmicroscopy.shoola.env.data.login.LoginManager.login(LoginManager.java:98)
	at org.openmicroscopy.shoola.env.init.SplashScreenInit.onEnd(SplashScreenInit.java:169)
	at org.openmicroscopy.shoola.env.init.Initializer.notifyEnd(Initializer.java:189)
	at org.openmicroscopy.shoola.env.Container.runStartupProcedure(Container.java:129)
	at org.openmicroscopy.shoola.env.Container.access$000(Container.java:78)
	at org.openmicroscopy.shoola.env.Container$1.run(Container.java:174)
	at java.lang.Thread.run(Unknown Source)
Caused by: Ice.ConnectionLostException
    error = 0
	at IceInternal.ConnectRequestHandler.getConnection(ConnectRequestHandler.java:244)
	at IceInternal.ConnectRequestHandler.sendRequest(ConnectRequestHandler.java:141)
	at IceInternal.Outgoing.invoke(Outgoing.java:77)
	at Ice._ObjectDelM.ice_isA(_ObjectDelM.java:33)
	at Ice.ObjectPrxHelperBase.ice_isA(ObjectPrxHelperBase.java:98)
	at Ice.ObjectPrxHelperBase.ice_isA(ObjectPrxHelperBase.java:61)
	at Glacier2.RouterPrxHelper.checkedCast(RouterPrxHelper.java:2262)
	at omero.client.getRouter(client.java:770)
	at omero.client.createSession(client.java:693)
	at org.openmicroscopy.shoola.env.data.OMEROGateway.createSession(OMEROGateway.java:1853)
	... 10 more
Exception in thread "Initializer"

comment:3 Changed 8 years ago by pwalczysko

  • Component changed from Client to Insight
  • Owner set to jburel

comment:4 Changed 8 years ago by spli

This isn't specific to Insight; it also occurs with bin/omero import ....

...
2014-06-24 10:21:14,525 2669       [      main] INFO       ome.formats.OMEROMetadataStoreClient - Attempting initial SSL connection to ome-ci-c6-07.openmicroscopy.org:4064
!! 24/06/14 10:21:14:983 error: Ice.ThreadPool.Client-0: exception in `Ice.ThreadPool.Client':
   java.lang.RuntimeException: Algorithm NONE not available
...

Maybe this affects all Java clients? I can connect using Python without any problems. If I switch back to Java 7 the import works.

comment:5 Changed 8 years ago by pwalczysko

@spli yes, the suspicion is that it concerns all clients. Nevertheless, I have filed this as an Insight bug, because that way it goes straight to jburel, and so will hopefully get more attention than if it were filed as "Clients".

comment:6 Changed 8 years ago by jburel

  • Milestone changed from 5.0.3 to 5.1.0-m1

Moving to 5.1.0 as discussed on Tuesday; this bug will have to be backported if we release a 5.0.4.

comment:7 Changed 8 years ago by spli

bin/omero import is still failing with Java 1.8.0_11 on OS X 10.9.4

comment:8 Changed 8 years ago by jburel

OSX 10.8.5
java version "1.8.0_11"
is not working against octopus but I can connect to localhost

comment:9 Changed 8 years ago by jburel

bin/omero import is working with Java 1.8.0.11 on OS X 10.8.5 (localhost)

comment:10 Changed 8 years ago by jburel

OSX 10.8.5 java version 1.8.0.11, clients (ice34/35) work against Hake (Windows server).

comment:11 Changed 8 years ago by jburel

You can also test using the latest Eclipse (Luna) and add Java 1.8 to the list of compilers.

comment:12 Changed 8 years ago by jburel

Problem is due to id.properties.setProperty("IceSSL.Ciphers", "NONE (DH_anon)"); in omero. Currently testing other configurations.

comment:14 Changed 8 years ago by jburel

From the ZeroC website (http://www.zeroc.com/doc/Ice-3.4.0/manual/IceSSL.42.4.html):

"ADH is not a good choice in most cases because, as its name implies, there is no authentication of the communicating parties, and it is vulnerable to man-in-the-middle attacks. However, it still provides encryption of the session traffic and requires very little administration and therefore may be useful in certain situations."

comment:15 Changed 8 years ago by jburel

Something like

id.properties.setProperty("IceSSL.Ciphers", "ALL !(ADH) !(LOW) !(EXPORT) !(MD5) (@STRENGTH)");

works again localhost/hake/octopus

comment:17 Changed 8 years ago by jburel

Reference https://www.openssl.org/docs/apps/ciphers.html

ALL
all cipher suites except the eNULL ciphers which must be explicitly enabled; as of OpenSSL, the ALL cipher suites are reasonably ordered by default

Setting the following in omero.client should be OK since it also includes aNULL, i.e.

id.properties.setProperty("IceSSL.Ciphers", "ALL (@STRENGTH)");

aNULL
the cipher suites offering no authentication. This is currently the anonymous DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable to a man in the middle attack and so their use is normally discouraged.

comment:18 Changed 8 years ago by jamoore

  • Milestone changed from 5.1.0-m1 to 5.0.4

Moving all Java8 issues to the clean 5.0.4 milestone

comment:19 Changed 8 years ago by jburel

  • Resolution set to fixed
  • Status changed from new to closed

PR now open, see https://github.com/openmicroscopy/openmicroscopy/pull/2912. Problem is not related to the cipher but to the SSL protocol not being enabled.
Closing
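
Added example, not part of the ticket and not OMERO or Ice code: a small JSSE audit that evaluates the three IceSSL.Ciphers values quoted in the comments above against the running JRE, counts how many anonymous (unauthenticated) suites each would leave enabled, and prints the protocol versions the JRE enables by default. The `select` method is a simplified model that assumes parenthesised terms are regular expressions searched within JSSE suite names; the class and method names are hypothetical.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.regex.Pattern;

public class IceSslCipherAudit {
    // Simplified model of the Java IceSSL.Ciphers syntax (an assumption, not Ice's code):
    // optional leading ALL or NONE, then NAME, !NAME, (REGEX), !(REGEX) applied in order.
    static Set<String> select(String spec, String[] supported, String[] defaults) {
        String[] terms = spec.trim().split("\\s+");
        Set<String> result = new LinkedHashSet<>(Arrays.asList(defaults));
        int start = 0;
        if (terms[0].equals("ALL")) { result = new LinkedHashSet<>(Arrays.asList(supported)); start = 1; }
        else if (terms[0].equals("NONE")) { result.clear(); start = 1; }
        for (int i = start; i < terms.length; i++) {
            boolean negate = terms[i].startsWith("!");
            String t = negate ? terms[i].substring(1) : terms[i];
            boolean isRegex = t.length() > 2 && t.startsWith("(") && t.endsWith(")");
            Pattern p = Pattern.compile(isRegex ? t.substring(1, t.length() - 1) : Pattern.quote(t));
            for (String suite : supported) {
                // A regex term is searched for inside the suite name; a bare name must match exactly.
                boolean hit = isRegex ? p.matcher(suite).find() : p.matcher(suite).matches();
                if (hit && negate) result.remove(suite);
                else if (hit) result.add(suite);
            }
        }
        return result;
    }

    // Unauthenticated key exchange shows up as "_anon_" in JSSE suite names.
    static long anonCount(Set<String> suites) {
        return suites.stream().filter(s -> s.contains("_anon_")).count();
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        System.out.println("Java " + System.getProperty("java.version")
                + ", enabled protocols: " + Arrays.toString(engine.getEnabledProtocols()));
        String[] specs = {  // the three IceSSL.Ciphers values quoted in the ticket
            "NONE (DH_anon)",
            "ALL !(ADH) !(LOW) !(EXPORT) !(MD5) (@STRENGTH)",
            "ALL (@STRENGTH)" };
        for (String spec : specs) {
            Set<String> chosen = select(spec, engine.getSupportedCipherSuites(), engine.getEnabledCipherSuites());
            System.out.printf("%-48s -> %d suites, %d anonymous%n", spec, chosen.size(), anonCount(chosen));
        }
    }
}
```

Run it under each Java version being compared; the counts depend on that JRE's supported suites and security properties.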
