Errors in secureRandom #1453
-
Hi Team, I've been trying to configure bouncy castle for cassandra on jdk1.8. And I used below configuration by modifying existing java.security and java.policy file. And passing bc-fips-1.0.2.1.jar, bctls-fips-1.0.12.jar, bcpkix-fips-1.0.5.jar in classpath while starting cassandra. ---- java.security file ----------------- security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider C:HYBRID;ENABLE{All}; securerandom.source=file:/dev/random ssl.KeyManagerFactory.algorithm=PKIX ---- java.policy ---------------------- permission java.lang.RuntimePermission "getProtectionDomain"; -------- Error logs ----------- |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
Try it without the security manager first. SHA-1 has been in the BCFIPS provider since 2016, so it's either a security manager issue, or the provider is not getting found. Using -Djava.security.debug=provider might provider a more complete answer. I'd also add try using BC-FJA 1.0.2.4. Oracle did change the way security providers were loaded after 1.0.2.1 came out. You may be seeing an issue related to how the old module interacts with that. |
Beta Was this translation helpful? Give feedback.
Try it without the security manager first. SHA-1 has been in the BCFIPS provider since 2016, so it's either a security manager issue, or the provider is not getting found. Using -Djava.security.debug=provider might provider a more complete answer.
I'd also add try using BC-FJA 1.0.2.4. Oracle did change the way security providers were loaded after 1.0.2.1 came out. You may be seeing an issue related to how the old module interacts with that.