Hello everybody,
I would like to make you aware of a problem with the newest java openjdk
update in SL 6 in conjunction with dCache (see below).
In the default configuration of java 1.7.0.45, certain (not all) proxy
certificates are rejected by the SRM server resulting in connection
resets by peer.
Best regards,
Andreas
-------- Original-Nachricht --------
Betreff: Re: 60307 Errors / Java openjdk 1.7.0.45 too restrictive
Datum: Tue, 5 Nov 2013 16:06:15 +0100
Von: Andreas Nowack <[log in to unmask]>
An: <[log in to unmask]>
*** Discussion title: CRAB Feedback
Hi,
we at T2_DE_RWTH suffered from the same error.
In our case, the reason was a java update on our dCache SRM server. The
security options of java openjdk 1.7.0.45 are more restrictive than
before (1.7.0.25).
In
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.45.x86_64/jre/lib/security/java.security,
the new default is:
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
Before it was:
jdk.certpath.disabledAlgorithms=MD2
Changing this setting back to the old value and restarting the SRM
server solved our problem.
Best regards,
Andreas
-------------------------------------------------------------
Visit this CMS message (to reply or unsubscribe) at:
https://hypernews.cern.ch/HyperNews/CMS/get/crabFeedback/7024/1/1/2/2/1/1/1/1/1/1/1/1/2/1/1/1.html
|