After installing java jre update 1.8.0_131 or higher, users can no longer launch the Spectrum OneClick client.

book

Article ID: 6537

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

After installing java jre update 1.8.0_131 or higher, users can no longer launch the Spectrum OneClick client.  The following exceptions is thrown:

Error:  Unsigned application requesting unrestricted access to system

The following resource is signed with a weak message digest algorithm MD5 and is treated as unsigned:  

http://localhost/spectrum/lib/clienttopo.jar;no_javaws_cheat
http://localhost/spectrum/lib/contrib/clientslm.jar;no_javaws_cheat

The exception shows:

at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source) 
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source) 
at com.sun.javaws.Launcher.prepareResources(Unknown Source) 
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source) 
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source) 
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source) 
at com.sun.javaws.Launcher.launch(Unknown Source) 
at com.sun.javaws.Main.launchApp(Unknown Source) 
at com.sun.javaws.Main.continueInSecureThread(Unknown Source) 
at com.sun.javaws.Main.access$000(Unknown Source) 
at com.sun.javaws.Main$1.run(Unknown Source) 
at java.lang.Thread.run(Unknown Source) 

Cause

Oracle has updated their security policy announcing that JRE versions released starting with 1.8.0_131 in April 2017 will not trust MD5-signed jars. Please review the announcement for dates and JRE versions:

https://blogs.oracle.com/java-platform-group/entry/oracle_jre_will_no_longer
https://www.java.com/en/jre-jdk-cryptoroadmap.html

Environment

Spectrum 9.4.4
Spectrum 10.0, 10.1.x

Resolution

You need to either upgrade Spectrum to 10.2 or 10.2.1 or remove the md5 requirement for java jre on each client machine that upgrades to java 1.8.0_131 or greater:



In the java.security file (you may need to find this file, however it generally will be in a folder similar to): 



C:\Program Files (x86)\Java\<jre version>\lib\security 



Change this line to remove the MD5 entry: 



jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 



To this: 



jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024 



Then relaunch the OneClick client.

Additional Information

CA product advisory:

https://support.ca.com/phpdocs/7/7832/7832_oracle-jre_product-advisory-02022017.pdf