Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #12339 (closed)

Opened 10 years ago

Closed 10 years ago

BUG: Insight with Java 8 fails to connect to some servers

Reported by: spli Owned by: jburel
Priority: blocker Milestone: 5.0.4
Component: Insight Version: 5.0.2
Keywords: java8 Cc: java@…, ux@…
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: n.a.
Sprint: n.a.

Description

Running Insight Ice35 on OS X with Java 1.8.0_05 I can't connect to:
OMERO.server-5.0.2-ice35-b26 running with Linux OpenJDK 1.7.0_55

!! 29/05/14 11:50:11:442 error: Ice.ThreadPool.Client-0: exception in `Ice.ThreadPool.Client':
   java.lang.RuntimeException: Algorithm NONE not available
   	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1362)
   	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:529)
   	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:807)
   	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:775)
   	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
   	at IceSSL.TransceiverI.handshakeNonBlocking(TransceiverI.java:543)
   	at IceSSL.TransceiverI.initialize(TransceiverI.java:109)
   	at Ice.ConnectionI.initialize(ConnectionI.java:1933)
   	at Ice.ConnectionI.message(ConnectionI.java:1084)
   	at IceInternal.ThreadPool.run(ThreadPool.java:321)
   	at IceInternal.ThreadPool.access$300(ThreadPool.java:12)
   	at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:693)
   	at java.lang.Thread.run(Thread.java:745)
   Caused by: java.lang.RuntimeException: Algorithm NONE not available
   	at sun.security.ssl.JsseJce.getMessageDigest(JsseJce.java:354)
   	at sun.security.ssl.CloneableDigest.getDigest(HandshakeHash.java:310)
   	at sun.security.ssl.HandshakeHash.setFinishedAlg(HandshakeHash.java:229)
   	at sun.security.ssl.ClientHandshaker.serverHello(ClientHandshaker.java:473)
   	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:146)
   	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)
   	at sun.security.ssl.Handshaker$1.run(Handshaker.java:865)
   	at sun.security.ssl.Handshaker$1.run(Handshaker.java:862)
   	at java.security.AccessController.doPrivileged(Native Method)
   	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1302)
   	at IceSSL.TransceiverI.handshakeNonBlocking(TransceiverI.java:530)
   	... 7 more
   Caused by: java.security.NoSuchAlgorithmException: NONE MessageDigest not available
   	at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
   	at java.security.Security.getImpl(Security.java:695)
   	at java.security.MessageDigest.getInstance(MessageDigest.java:159)
   	at sun.security.ssl.JsseJce.getMessageDigest(JsseJce.java:349)
   	... 17 more
   
   event handler: local address = <not available>
   remote address = 127.0.0.1:4064
!! 29/05/14 11:50:16:448 error: Ice.ThreadPool.Client-1: exception in `Ice.ThreadPool.Client':
   java.lang.RuntimeException: Algorithm NONE not available
   	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1362)
   	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:529)
   	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:807)
   	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:775)
   	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
   	at IceSSL.TransceiverI.handshakeNonBlocking(TransceiverI.java:543)
   	at IceSSL.TransceiverI.initialize(TransceiverI.java:109)
   	at Ice.ConnectionI.initialize(ConnectionI.java:1933)
   	at Ice.ConnectionI.message(ConnectionI.java:1084)
   	at IceInternal.ThreadPool.run(ThreadPool.java:321)
   	at IceInternal.ThreadPool.access$300(ThreadPool.java:12)
   	at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:693)
   	at java.lang.Thread.run(Thread.java:745)
   Caused by: java.lang.RuntimeException: Algorithm NONE not available
   	at sun.security.ssl.JsseJce.getMessageDigest(JsseJce.java:354)
   	at sun.security.ssl.CloneableDigest.getDigest(HandshakeHash.java:310)
   	at sun.security.ssl.HandshakeHash.setFinishedAlg(HandshakeHash.java:229)
   	at sun.security.ssl.ClientHandshaker.serverHello(ClientHandshaker.java:473)
   	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:146)
   	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)
   	at sun.security.ssl.Handshaker$1.run(Handshaker.java:865)
   	at sun.security.ssl.Handshaker$1.run(Handshaker.java:862)
   	at java.security.AccessController.doPrivileged(Native Method)
   	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1302)
   	at IceSSL.TransceiverI.handshakeNonBlocking(TransceiverI.java:530)
   	... 7 more
   Caused by: java.security.NoSuchAlgorithmException: NONE MessageDigest not available
   	at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
   	at java.security.Security.getImpl(Security.java:695)
   	at java.security.MessageDigest.getInstance(MessageDigest.java:159)
   	at sun.security.ssl.JsseJce.getMessageDigest(JsseJce.java:349)
   	... 17 more
   
   event handler: local address = <not available>
   remote address = 0:0:0:0:0:0:0:1:4064

Mark Woodbridge reports being unable to connect to a 1.8.0_05 ice35 server from Linux/Windows? running 1.8.0_05: http://lists.openmicroscopy.org.uk/pipermail/ome-users/2014-May/004464.html

Note if testing this on a Mac opening the Insight client from the Desktop uses the default system java even if you've installed a more recent java, so to test this you should download the Linux client package and use the scripts from the command line.

I can successfully connect to gretzky (1.6.0_20, ice33), ome-ci-c6-07 (1.7.0_05-icedtea, ice34), and also a local ice35 server running under 1.8.0_05.

Change History (19)

comment:1 Changed 10 years ago by jamoore

  • Milestone changed from Unscheduled to 5.0.3

comment:2 Changed 10 years ago by cblackburn

  • Priority changed from major to blocker

Using the 64-bit Ice-35 5.0.2 clients on Windows 8 with Java 8 installed I can't connect to local or remote servers. The exception I get is:

OMERO address: nightshade.openmicroscopy.org
User Name: cblackburn -- Password: ************
org.openmicroscopy.shoola.env.data.DSOutOfServiceException: Can't connect to OMERO. OMERO info not valid.

Ice.ConnectionLostException
    error = 0
	at IceInternal.ConnectRequestHandler.getConnection(ConnectRequestHandler.java:244)
	at IceInternal.ConnectRequestHandler.sendRequest(ConnectRequestHandler.java:141)
	at IceInternal.Outgoing.invoke(Outgoing.java:77)
	at Ice._ObjectDelM.ice_isA(_ObjectDelM.java:33)
	at Ice.ObjectPrxHelperBase.ice_isA(ObjectPrxHelperBase.java:98)
	at Ice.ObjectPrxHelperBase.ice_isA(ObjectPrxHelperBase.java:61)
	at Glacier2.RouterPrxHelper.checkedCast(RouterPrxHelper.java:2262)
	at omero.client.getRouter(client.java:770)
	at omero.client.createSession(client.java:693)
	at org.openmicroscopy.shoola.env.data.OMEROGateway.createSession(OMEROGateway.java:1853)
	at org.openmicroscopy.shoola.env.data.DataServicesFactory.connect(DataServicesFactory.java:590)
	at org.openmicroscopy.shoola.env.data.login.LoginServiceImpl.attempt(LoginServiceImpl.java:136)
	at org.openmicroscopy.shoola.env.data.login.LoginServiceImpl.login(LoginServiceImpl.java:265)
	at org.openmicroscopy.shoola.env.data.login.LoginManager.login(LoginManager.java:98)
	at org.openmicroscopy.shoola.env.init.SplashScreenInit.onEnd(SplashScreenInit.java:169)
	at org.openmicroscopy.shoola.env.init.Initializer.notifyEnd(Initializer.java:189)
	at org.openmicroscopy.shoola.env.Container.runStartupProcedure(Container.java:129)
	at org.openmicroscopy.shoola.env.Container.access$000(Container.java:78)
	at org.openmicroscopy.shoola.env.Container$1.run(Container.java:174)
	at java.lang.Thread.run(Unknown Source)

	at org.openmicroscopy.shoola.env.data.OMEROGateway.createSession(OMEROGateway.java:1872)
	at org.openmicroscopy.shoola.env.data.DataServicesFactory.connect(DataServicesFactory.java:590)
	at org.openmicroscopy.shoola.env.data.login.LoginServiceImpl.attempt(LoginServiceImpl.java:136)
	at org.openmicroscopy.shoola.env.data.login.LoginServiceImpl.login(LoginServiceImpl.java:265)
	at org.openmicroscopy.shoola.env.data.login.LoginManager.login(LoginManager.java:98)
	at org.openmicroscopy.shoola.env.init.SplashScreenInit.onEnd(SplashScreenInit.java:169)
	at org.openmicroscopy.shoola.env.init.Initializer.notifyEnd(Initializer.java:189)
	at org.openmicroscopy.shoola.env.Container.runStartupProcedure(Container.java:129)
	at org.openmicroscopy.shoola.env.Container.access$000(Container.java:78)
	at org.openmicroscopy.shoola.env.Container$1.run(Container.java:174)
	at java.lang.Thread.run(Unknown Source)
Caused by: Ice.ConnectionLostException
    error = 0
	at IceInternal.ConnectRequestHandler.getConnection(ConnectRequestHandler.java:244)
	at IceInternal.ConnectRequestHandler.sendRequest(ConnectRequestHandler.java:141)
	at IceInternal.Outgoing.invoke(Outgoing.java:77)
	at Ice._ObjectDelM.ice_isA(_ObjectDelM.java:33)
	at Ice.ObjectPrxHelperBase.ice_isA(ObjectPrxHelperBase.java:98)
	at Ice.ObjectPrxHelperBase.ice_isA(ObjectPrxHelperBase.java:61)
	at Glacier2.RouterPrxHelper.checkedCast(RouterPrxHelper.java:2262)
	at omero.client.getRouter(client.java:770)
	at omero.client.createSession(client.java:693)
	at org.openmicroscopy.shoola.env.data.OMEROGateway.createSession(OMEROGateway.java:1853)
	... 10 more
Exception in thread "Initializer"
Last edited 10 years ago by cblackburn (previous) (diff)

comment:3 Changed 10 years ago by pwalczysko

  • Component changed from Client to Insight
  • Owner set to jburel

comment:4 Changed 10 years ago by spli

This isn't specific to insight, it also occurs with bin/omero import ....

...
2014-06-24 10:21:14,525 2669       [      main] INFO       ome.formats.OMEROMetadataStoreClient - Attempting initial SSL connection to ome-ci-c6-07.openmicroscopy.org:4064
!! 24/06/14 10:21:14:983 error: Ice.ThreadPool.Client-0: exception in `Ice.ThreadPool.Client':
   java.lang.RuntimeException: Algorithm NONE not available
...

Maybe this affects all java clients? I can connect using python without any problems. If I switch back to Java 7 the import works.

Last edited 10 years ago by spli (previous) (diff)

comment:5 Changed 10 years ago by pwalczysko

@spli yes, the suspicion is that it is concerning all clients. Nevertheless, I have put this as Insight bug, because like that, it goes straight to jburel, and so will get hopefully more attention than when it would be filed as "Clients".

comment:6 Changed 10 years ago by jburel

  • Milestone changed from 5.0.3 to 5.1.0-m1

Moving to 5.1.0 as discussed on Tuesday, this bug will have to be back ported if we release for a 5.0.4

comment:7 Changed 10 years ago by spli

bin/omero import is still failing with Java 1.8.0_11 on OS X 10.9.4

comment:8 Changed 10 years ago by jburel

OSX 10.8.5
java version "1.8.0_11"
is not working against octopus but I can connect to localhost

Last edited 10 years ago by jburel (previous) (diff)

comment:9 Changed 10 years ago by jburel

bin/omero import is working with Java 1.8.0.11 on OS X 10.8.5 (localhost)

Last edited 10 years ago by jburel (previous) (diff)

comment:10 Changed 10 years ago by jburel

OSX 10.8.5 java version 1.8.0.11, clients (ice34/35) work against Hake (Windows server).

Last edited 10 years ago by jburel (previous) (diff)

comment:11 Changed 10 years ago by jburel

You can also test using the latest Eclipse (Luna) and add Java 1.8 to the list of installed JREs and select java 1.8 in compiler list.

Last edited 10 years ago by jburel (previous) (diff)

comment:12 Changed 10 years ago by jburel

Problem is due to id.properties.setProperty("IceSSL.Ciphers", "NONE (DH_anon)"); in omero. Currently testing other configurations.

comment:14 Changed 10 years ago by jburel

from ZeroC website (http://www.zeroc.com/doc/Ice-3.4.0/manual/IceSSL.42.4.html)

`
ADH is not a good choice in most cases because, as its name implies, there is no authen­tication of the communicating parties, and it is vulnerable to man-in-the-middle attacks. However, it still provides encryption of the session traffic and requires very little administration and therefore may be useful in certain situations.
`

Last edited 10 years ago by jburel (previous) (diff)

comment:15 Changed 10 years ago by jburel

Something like

id.properties.setProperty("IceSSL.Ciphers", "ALL !(ADH) !(LOW) !(EXPORT) !(MD5) (@STRENGTH)");

works again localhost/hake/octopus

comment:17 Changed 10 years ago by jburel

Reference https://www.openssl.org/docs/apps/ciphers.html

ALL
all cipher suites except the eNULL ciphers which must be explicitly enabled; as of OpenSSL, the ALL cipher suites are reasonably ordered by default

Setting the following in omero.client, should be ok since it also includes aNull i.e.

id.properties.setProperty("IceSSL.Ciphers", "ALL (@STRENGTH)");

aNULL
the cipher suites offering no authentication. This is currently the anonymous DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable to a man in the middle attack and so their use is normally discouraged.

comment:18 Changed 10 years ago by jamoore

  • Milestone changed from 5.1.0-m1 to 5.0.4

Moving all Java8 issues to the clean 5.0.4 milestone

comment:19 Changed 10 years ago by jburel

  • Resolution set to fixed
  • Status changed from new to closed

PR now open see https://github.com/openmicroscopy/openmicroscopy/pull/2912. Problem is not related to the Cipher but to the ssl protocol not being enabled.
Closing

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.72280 sec.)

We're Hiring!