-
Bug
-
Resolution: Duplicate
-
Critical
-
None
I have applied proposed fix from JENKINS-31089 and this is my line in `/usr/lib/jvm/java-openjdk/jre/lib/security/java.security`:
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
RSA keySize < 512, DSA keySize < 1024, EC keySize < 224
But still I'm seeing this in Jenkins 2.121.3 log:
Aug 28, 2018 3:20:15 PM hudson.model.UpdateSite updateData SEVERE: ERROR: Signature verification failed in update site 'default' <a href='#' class='showDetails'>(show details)</a><pre style='display:none'>java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=Community Update Center, O=Jenkins Project, ST=California, C=US.<br> at sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:817)
Java:
$ java -version openjdk version "1.8.0_181" OpenJDK Runtime Environment (build 1.8.0_181-b13) OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode)
Attached `java.security` from Fedora 28, I can't spot any place where RSA 1024 is blocked.
- is related to
-
-
- Resolved
-
[JENKINS-53288] Signature verification failed in update site 'default' (again)
akostadinov
created issue -
akostadinov
made changes -
| Link |
New:
This issue is related to |
akostadinov
made changes -
| Description |
Original:
I have applied proposed fix from {code} jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ RSA keySize < 512, DSA keySize < 1024, EC keySize < 224 {code} But still I'm seeing this in Jenkins 2.121.3 log: {code} Aug 28, 2018 3:20:15 PM hudson.model.UpdateSite updateData SEVERE: ERROR: Signature verification failed in update site 'default' <a href='#' class='showDetails'>(show details)</a><pre style='display:none'>java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=Community Update Center, O=Jenkins Project, ST=California, C=US.<br> at sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:817) {code} |
New:
I have applied proposed fix from {code} jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ RSA keySize < 512, DSA keySize < 1024, EC keySize < 224 {code} But still I'm seeing this in Jenkins 2.121.3 log: {code} Aug 28, 2018 3:20:15 PM hudson.model.UpdateSite updateData SEVERE: ERROR: Signature verification failed in update site 'default' <a href='#' class='showDetails'>(show details)</a><pre style='display:none'>java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=Community Update Center, O=Jenkins Project, ST=California, C=US.<br> at sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:817) {code} Java: {code} $ java -version openjdk version "1.8.0_181" OpenJDK Runtime Environment (build 1.8.0_181-b13) OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode) {java} |
akostadinov
made changes -
| Description |
Original:
I have applied proposed fix from {code} jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ RSA keySize < 512, DSA keySize < 1024, EC keySize < 224 {code} But still I'm seeing this in Jenkins 2.121.3 log: {code} Aug 28, 2018 3:20:15 PM hudson.model.UpdateSite updateData SEVERE: ERROR: Signature verification failed in update site 'default' <a href='#' class='showDetails'>(show details)</a><pre style='display:none'>java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=Community Update Center, O=Jenkins Project, ST=California, C=US.<br> at sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:817) {code} Java: {code} $ java -version openjdk version "1.8.0_181" OpenJDK Runtime Environment (build 1.8.0_181-b13) OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode) {java} |
New:
I have applied proposed fix from {code} jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ RSA keySize < 512, DSA keySize < 1024, EC keySize < 224 {code} But still I'm seeing this in Jenkins 2.121.3 log: {code} Aug 28, 2018 3:20:15 PM hudson.model.UpdateSite updateData SEVERE: ERROR: Signature verification failed in update site 'default' <a href='#' class='showDetails'>(show details)</a><pre style='display:none'>java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=Community Update Center, O=Jenkins Project, ST=California, C=US.<br> at sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:817) {code} Java: {code} $ java -version openjdk version "1.8.0_181" OpenJDK Runtime Environment (build 1.8.0_181-b13) OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode) {code} |
akostadinov
made changes -
| Attachment | New: java.security [ 43925 ] |
akostadinov
made changes -
| Description |
Original:
I have applied proposed fix from {code} jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ RSA keySize < 512, DSA keySize < 1024, EC keySize < 224 {code} But still I'm seeing this in Jenkins 2.121.3 log: {code} Aug 28, 2018 3:20:15 PM hudson.model.UpdateSite updateData SEVERE: ERROR: Signature verification failed in update site 'default' <a href='#' class='showDetails'>(show details)</a><pre style='display:none'>java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=Community Update Center, O=Jenkins Project, ST=California, C=US.<br> at sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:817) {code} Java: {code} $ java -version openjdk version "1.8.0_181" OpenJDK Runtime Environment (build 1.8.0_181-b13) OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode) {code} |
New:
I have applied proposed fix from {code} jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ RSA keySize < 512, DSA keySize < 1024, EC keySize < 224 {code} But still I'm seeing this in Jenkins 2.121.3 log: {code} Aug 28, 2018 3:20:15 PM hudson.model.UpdateSite updateData SEVERE: ERROR: Signature verification failed in update site 'default' <a href='#' class='showDetails'>(show details)</a><pre style='display:none'>java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=Community Update Center, O=Jenkins Project, ST=California, C=US.<br> at sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:817) {code} Java: {code} $ java -version openjdk version "1.8.0_181" OpenJDK Runtime Environment (build 1.8.0_181-b13) OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode) {code} Attached `java.security` from Fedora 28, I can't spot any place where RSA 1024 is blocked. |
akostadinov
made changes -
| Link | New: This issue duplicates INFRA-1659 [ INFRA-1659 ] |
akostadinov
made changes -
| Resolution | New: Duplicate [ 3 ] | |
| Status | Original: Open [ 1 ] | New: Closed [ 6 ] |