For more details, please see ourCookie Policy.


Fibre Channel (SAN)

Reply
New Contributor
Posts: 2
Registered: ‎04-09-2013

Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

BNA +2-0-3 comes with a version 1.7 release 25 and not 45 so not sure would really hit the defect.

External Moderator
Posts: 5,620
Registered: ‎02-23-2004

Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

indeed, the defect report:

 

-> BNA with prior to...

 

-> Workaround: Launch Web Tools through Network Advisor running version 12.1.4 or higher
-> Recovery: JRE must be downgraded to 1.7u25

 

from you post is not clear to me which JRE you are using.

TechHelp24
Occasional Contributor
Posts: 5
Registered: ‎10-03-2008

Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

Give this a try ...

 

Java security setting has been enhanced starting from Java 1.7.0_40.

Some old java console/apps with certificate's RSA Key length <1024

will fail to start with "cannot start application" pop-up.

 

I just upgraded to Jave 7 Update 45 (32 and 64 Bits Windows) with same

behavior.

When SCCM will push Java 7 Update 40, you may be a victim of.

 

This fix is to apply after each jre update from client site (workaround)

or requires a permanent fix from software house that wrote application

(a new certificate with RSA key > 1024 bytes must be provided)

 

For more info about the new enhanced security, refer to the following link

 

http://docs.oracle.com/javase/7/docs/technotes/guides/security/certpath/CertPathProgGuide.html#AppB

 

--- excerpted from above link ---

Starting from JDK 7u40 release, the default value of

jdk.certpath.disabledAlgorithms is as follows:

 

 jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

This means that no signature algorithm involving MD2 will be used to verify

a certificate. And use of certificates with RSA key size of less than 1024

bits in length is restricted.

--- excerpted from above link ---

 

 

 

 

The FIX  :

**********

The java.security file is located in your client machine's Java/JRE

installed directory (jre/lib/security/java.security).

 

In Java 1.7.0_40 the java.security by default has this setting:

 

(Info : round Line 409)

 

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

 

Changing the 1024 to 256 may solve the issue.

 

 

The PERMANENT FIX :

*******************

 

The permanent solution is to re-sign OneClick jars with a new signing

certificate that would have higher key size.

Anonymous
Posts: 0

Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

I was able to get this to work, but use at your own risk.

Make a backup of your java.security file in C:\Program Files\Java\jre7\lib\security

Open the Jave.security file and find the line that reads jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

Change the 1024 to 256 and save the file.

Once I did this and decreased the security settings in the java control panel, I was able to get to my switches.

If this doesn't work, you may also need to add an exception for the IP address in the control panel under security.

This is working with Java 7 U51

Good Luck..

Anonymous
Posts: 0

Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

[ Edited ]

I have the issues logging into old swithes from my laptop

OLD Switches=5300/300

JRE:1.6 U 19 installed and enabled

JRE:1.7 u 25 installed and enabled

JRE:1.7 u 51 installed and disabled


Java control panal added runtime parameter "-Xms256m -Xmx256m"

Security =Medium

Java Security file: #jdk.certpath.disabledAlgorithms=MD2  ( disabled)

One other thing, if i tried to add exception to the java control panel via ip address of the switch ( currently does not have dnsname)

i could apply but the change did not go through and ip was not listed in exception, as a matter of fact the format tap to add exception has red exclaimation but i could not tell what for ?

When i point my browser to old switche it tries to launch old java and then the brower dies, before that it would launch the gui , i would get log in prompt and then the switch never loads, i have tried all know tricks..

Please help.

Can i just get a new certificate generated on the old swithces which i can import to my browser, has any one tested that and what is the procedure to regenerate brocade certificate on a switch.

Thanks

 

Anonymous
Posts: 0

Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

change this line in your security file #jdk.certpath.disabledAlgorithms=MD2

Remove the # at the beginning and change it to this jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 256

You might need to lower your security settings and add an exception for your switch IP in the Java control panel as well.

Anonymous
Posts: 0

Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

A workaround

 

Start "javaws -viewer" to launch the "Java Cache Viewer"

In the "Java Cache Viewer" window run the application called "your_swith_mane: WebTools Switch Explorer"

All certificat integrity check will be bypassed ;-)

Anonymous
Posts: 0

Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

Changing jre lib file as shown in post with: jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 256 worked for me with Firefox and JRE 1.7

 

Thank you!

Anonymous
Posts: 0

Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

hi Br!

i am using BR-AP7131 router and window8-64 bit with jre1.7..25  java version. I tried all way on the top, but can't log in webtool(the last time i can login webtool since 1 year ago). pls help me. my contact phamngocduyen19844 skype chat. thanks alot!

Anonymous
Posts: 0

Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

SOLVED for a old Brocade type:CONTRX Model:510,  it's working fine forcing the 6 update 25 version usage 

 

To force the 6 update 25 usage even with a newer version installed (1.7.x)

 

1/ Install the Java SE Runtime Environment 6u25 (jre-6u25-windows-i586.exe)

http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javase6-419409.html#jre-6u25-oth-JPR

 
2/ Duplicate all the install folder in another folder to avoid futur automatic upgrade
C:\Program Files (x86)\Java\jre6\*  -> C:\my_jre6u25\*
 
3/ Create the following .jnlp file (C:\my_jre6u25\sanbromhx1dsy.jnlp by example)
in the file replace sanbromhx1dsy by your switch name
--------- File contents -----------------
<jnlp spec="1.6+" codebase="http://sanbromhx1dsy/">
<information>
 <title>sanbromhx1dsy : WebTools: Switch Explorer</title>
 <vendor>v6.3.1a</vendor>
 <description>Web Tools</description>
</information>
<application-desc main-class="com.brocade.web.switchview.SwitchExplorerApplet">
 <argument>sanbromhx1dsy</argument>
</application-desc>
<resources>
 <java version="1.6*" initial-heap-size="64m" max-heap-size="256m" />
 <jar href="wt-app.jar" download="eager"/>
 <jar href="wt-thirdparty.jar" download="eager"/>
 <property name="jnlp.packEnabled" value="true" />
 <property name="page" value="/switchExplorer.html" />
 <property name="token" value="" />
 <property name="authenticated" value="-2" />
 <property name="WebStarted" value="yes" />
 <property name="urlProtocol" value="http" />
 <property name="urlPort" value="80" />
 <property name="adCapable" value="1" />
 <property name="isVFEnabled" value="false" />
 <property name="switchName" value="sanbromhx1dsy" />
 <property name="isSwitchManager" value="false" />
</resources>
<security>
 <all-permissions/>
</security>
</jnlp>
--------------------------
 
4/ Create a batch file (C:\my_jre6u25\sanbromhx1dsy.bat) to execute java using this .jnlp file
------ File contents ---------
"%~dp0\bin\javaws.exe" "%~dp0brocade_sanbromhx1dsy.jnlp"
---------------
 
5/ Execute the batch file
you will have 2 warnings but it works
 
If you do not have the same switch model, it can needs others jar application
     Display your original .jnlp file and if needed replace the (<jar href=...) with your .jar names
To display your original jnlp xml parameters used by your switch
      Execute the command: javaws -viewer
      It opens the "Java Cache Viewer" window, right click on your application (switch name) and select "Show JNLP file"
 
I hope this topic will help you
Best regards
Eric
 

Join the Broadcom Support Community

Get quick and easy access to valuable resources across the Broadcom Community Network.