After installing java jre update 1.8.0_131 or higher, users can no longer launch the Spectrum OneClick client.

Document ID : KB000006537
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

After installing java jre update 1.8.0_131 or higher, users can no longer launch the Spectrum OneClick client.  The following exceptions shows:

 

Error:  Unsigned application requesting unrestricted access to system

The following resource is signed with a weak message digest algorithm MD5 and is treated as unsigned:  http://localhost/spectrum/lib/clienttopo.jar;no_javaws_cheat

http://localhost/spectrum/lib/contrib/clientslm.jar;no_javaws_cheat

 

The exception shows:

 

at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source) 

at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source) 

at com.sun.javaws.Launcher.prepareResources(Unknown Source) 

at com.sun.javaws.Launcher.prepareAllResources(Unknown Source) 

at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source) 

at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source) 

at com.sun.javaws.Launcher.launch(Unknown Source) 

at com.sun.javaws.Main.launchApp(Unknown Source) 

at com.sun.javaws.Main.continueInSecureThread(Unknown Source) 

at com.sun.javaws.Main.access$000(Unknown Source) 

at com.sun.javaws.Main$1.run(Unknown Source) 

at java.lang.Thread.run(Unknown Source) 

Cause:

Oracle has updated their security policy announcing that JRE versions released starting with 1.8.0_131 in April 2017 will not trust MD5-signed jars.

 

Please review the announcement for dates and JRE versions:

 

https://blogs.oracle.com/java-platform-group/entry/oracle_jre_will_no_longer

https://www.java.com/en/jre-jdk-cryptoroadmap.html

Resolution:

You need to either upgrade Spectrum to 10.2 or 10.2.1 or remove the md5 requirement for java jre on each client machine that upgrades to java 1.8.0_131 or greater:

 

 

In the java.security file (you may need to find this file, however it generally will be in a folder like this): 

 

C:\Program Files (x86)\Java\<jre version>\lib\security 

 

Change this line to remove the MD5 entry: 

 

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 

 

To this: 

 

jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024 

 

Relaunch the OC client.

Additional Information:

CA released a product advisory earlier this year:

 

https://support.ca.com/phpdocs/7/7832/7832_oracle-jre_product-advisory-02022017.pdf