Skip to content

Instantly share code, notes, and snippets.

@ahembree

ahembree/java.security.md

Created February 25, 2024 01:24
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save ahembree/e692252d1a4a4cf631fea2fe66c3f576 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save ahembree/e692252d1a4a4cf631fea2fe66c3f576 to your computer and use it in GitHub Desktop.
Download ZIP
Dell iDRAC6 Enterprise Java Security JNLP file fix
Raw
java.security.md

iDRAC6 Enterprise .jnlp file launch fix

This will fix the launch and connection errors when launching a .jnlp file downloaded from an iDRA6 Enterprise card

Note that this is bad practice, these algorithms in Java are disabled for a reason, but sometimes you gotta support old hardware...

This assumes you are launching the .jnlp file with javaws.exe (such as C:\Program Files\Java\jre-1.8\bin\javaws.exe)

In your java.security file, which can be found in your install location (such as C:\Program Files\Java\jre-1.8\lib\security\java.security)

Change:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
      DSA keySize < 1024, include jdk.disabled.namedCurves, \
      SHA1 denyAfter 2019-01-01

To this (comment out the SHA1 line, remove the , \ at the end of the line before):

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
      DSA keySize < 1024, include jdk.disabled.namedCurves
#      SHA1 denyAfter 2019-01-01

Find the line that starts with jdk.tls.disabledAlgorithms, and comment it out along with the indented lines below it like so:

#jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, \
#    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
#    include jdk.disabled.namedCurves

If you know which exact items need to be disabled instead of all of them, please let me know so I can update this.

@ylavi
Copy link

ylavi commented Nov 18, 2025

Hi

The changes I found necessary in Java 21 are as follows:

# Removed MD5, SHA1 jdkCA & usage TLSServer & "SHA1 usage SignedJAR & denyAfter 2019-01-01" for iDRAC6
#jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
#    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
#    SHA1 usage SignedJAR & denyAfter 2019-01-01
jdk.certpath.disabledAlgorithms=MD2, \
    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224

# Removed MD5, SHA1 denyAfter 2019-01-01 for iDRAC6
#jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
#      DSA keySize < 1024, SHA1 denyAfter 2019-01-01
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024, \
      DSA keySize < 1024

# Removed SSLv3, RC4 for iDRAC6
#jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, \
#    MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
#    ECDH
jdk.tls.disabledAlgorithms=TLSv1, TLSv1.1, DTLSv1.0, DES, \
    MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    ECDH

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment