After installing java jre update 1.8.0_131 or higher, users can no longer launch the Spectrum OneClick client.

Article Id: 6537
Status: Published
Updated On: 13-10-2019 07:44
Legacy Id: TEC1691042
Products:
CA Spectrum , CA Spectrum , CA Spectrum , CA Spectrum
Issue/Introduction:

After installing java jre update 1.8.0_131 or higher, users can no longer launch the Spectrum OneClick client.  The following exceptions is thrown:

Error:  Unsigned application requesting unrestricted access to system

The following resource is signed with a weak message digest algorithm MD5 and is treated as unsigned:  

http://localhost/spectrum/lib/clienttopo.jar;no_javaws_cheat
http://localhost/spectrum/lib/contrib/clientslm.jar;no_javaws_cheat

The exception shows:

at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source) 
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source) 
at com.sun.javaws.Launcher.prepareResources(Unknown Source) 
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source) 
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source) 
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source) 
at com.sun.javaws.Launcher.launch(Unknown Source) 
at com.sun.javaws.Main.launchApp(Unknown Source) 
at com.sun.javaws.Main.continueInSecureThread(Unknown Source) 
at com.sun.javaws.Main.access$000(Unknown Source) 
at com.sun.javaws.Main$1.run(Unknown Source) 
at java.lang.Thread.run(Unknown Source) 

Cause:

Oracle has updated their security policy announcing that JRE versions released starting with 1.8.0_131 in April 2017 will not trust MD5-signed jars. Please review the announcement for dates and JRE versions:

https://blogs.oracle.com/java-platform-group/entry/oracle_jre_will_no_longer
https://www.java.com/en/jre-jdk-cryptoroadmap.html

Environment:

Spectrum 9.4.4
Spectrum 10.0, 10.1.x

Resolution:

You need to either upgrade Spectrum to 10.2 or 10.2.1 or remove the md5 requirement for java jre on each client machine that upgrades to java 1.8.0_131 or greater:



In the java.security file (you may need to find this file, however it generally will be in a folder similar to): 



C:\Program Files (x86)\Java\<jre version>\lib\security 



Change this line to remove the MD5 entry: 



jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 



To this: 



jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024 



Then relaunch the OneClick client.

Additional Information:

CA product advisory:

https://support.ca.com/phpdocs/7/7832/7832_oracle-jre_product-advisory-02022017.pdf