How do I know which cipher suites are supported for kaka.
I am using kafka kafka_2.10-0.10.1.1 version and
Java version
java -version
java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)
appreciate any advice?
Strength of Kafka cryptography depends on your java cryptography extension (jce) version. And Kafka can use all algorithms that are supported by jce (that are numerous).
Default java has limited support for cipher algorithms for instance max key length for AES is 128. For using maximum security you can download unlimited jce from oracle site and update it in your jre libs directory.
Related
I am currently running my Java based applications with OpenJDK1.8 and RHEL [Redhat Enterprise Linux] - 7.9. I am planning to upgrade few of the Java native libraries into higher versions whereas I need to upgrade my Java version to OpenJDK11 in that case.
Can anyone suggest whether OpenJDK11 compatible with RHEL-7.9 ? I don't have a plan to upgrade my RHEL version into RHEL-8.x.
I was trying to install the ZAP proxy in my parrot home OS, but I'm unable to install it and the error that I'm receiving in the terminal is as follows:
(A fatal error has been detected by the Java Runtime Environment:
SIGBUS (0x7) at pc=0x00007f904544b12f, pid=6446, tid=6447JRE version: OpenJDK Runtime
Environment (11.0.5+10) (build 11.0.5+10-post-Debian-2)
Java VM: OpenJDK 64-Bit Server VM (11.0.5+10-post-Debian-2, mixed mode, sharing, tiered,
compressed oops, g1 gc, linux-amd64)
Problematic frame:
V [libjvm.so+0xcce12f]
No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
If you would like to submit a bug report, please visit:
(https://bugs.debian.org/openjdk-11)
Aborted
This error message...
(A fatal error has been detected by the Java Runtime Environment:
SIGBUS (0x7) at pc=0x00007f904544b12f, pid=6446, tid=6447JRE version: OpenJDK Runtime
Environment (11.0.5+10) (build 11.0.5+10-post-Debian-2)
Java VM: OpenJDK 64-Bit Server VM (11.0.5+10-post-Debian-2, mixed mode, sharing, tiered,
compressed oops, g1 gc, linux-amd64)
Problematic frame:
V [libjvm.so+0xcce12f]
...implies that the V frame was the Problematic frame which crashed which resulted in libjvm.so file.
The crash you observed is possibly not a zap or java issue but a debian issue.
Deep Dive
However as per the documentation in What versions of Java are supported? page, ZAP should be able to run with all/newer Java versions, but might require a minimum for certain ZAP versions:
ZAP 2.7.0 and later requires a minimum of Java 1.8
ZAP 2.0.0 and later requires a minimum of Java 1.7
Previous versions of ZAP also support Java 1.6, the last of those being 1.4.1
Additionally, as per the documentation in Download ZAP page:
The Windows and Linux versions require Java 8 or higher to run.
The macOS version includes Java 8 - you can use the Linux or Cross Platform versions if you do not want to download this.
Finally, as per the documentation in Release 2.9.0 page:
This is a bug fix and enhancement release, which requires a minimum of Java 8. Note that a minimum of Java 11 is recommended, especially for high DPI displays.
References
You can find a couple of relevant discussions in:
Jvm crash :fatal error has been detected by the Java Runtime Environment
“A fatal error has been detected by the Java Runtime Environment” when running java project on another computer
A fatal error has been detected by the Java Runtime Environment (SIGBUS (0x7))
JVM crashes with problematic frame [libjvm.so+0x7f582e] PerfLongVariant::sample()+0x1e
I have two installations of RMQ in my environment.
Old installation has version 3.7.8 and erlang 21.1.
Newer installation has version 3.7.9 and erlang 21.2
New installation has this cipher only these suites supported. No ecdhe support at all unlike old installation that has twise more cipher suites.
sudo rabbitmq-diagnostics cipher_suites
Listing available cipher suites in the Erlang term format
[{dhe_rsa,aes_256_gcm,aead,sha384},
{dhe_dss,aes_256_gcm,aead,sha384},
{dhe_rsa,aes_256_cbc,sha256},
{dhe_dss,aes_256_cbc,sha256},
{dhe_rsa,aes_128_gcm,aead,sha256},
{dhe_dss,aes_128_gcm,aead,sha256},
{dhe_rsa,aes_128_cbc,sha256},
{dhe_dss,aes_128_cbc,sha256},
{dhe_rsa,aes_256_cbc,sha},
{dhe_dss,aes_256_cbc,sha},
{dhe_rsa,aes_128_cbc,sha},
{dhe_dss,aes_128_cbc,sha}]
I can't log on to management plugin in chrome. It throws and ERR_SSL_VERSION_OR_CIPHER_MISMATCH exception.
How to add more cipher suites?
Originally posted here.
You may be running into an issue with limited cipher suite availability. Using Erlang 21.1, notice that the default number of available suites is less than the total (on my machine):
2> length(ssl:cipher_suites()).
36
3> length(ssl:cipher_suites(all)).
74
To test out the cipher suites theory, please do this:
Run the erl command
Run this command in the shell (the period is significant): rp(ssl:cipher_suites(all)).
You will see a list of all supported suites on your platform.
NOTE: in your case, you need to add the ciphers section to the rabbitmq_management section of rabbitmq.config. If you need assistance, follow up to your thread on the mailing list.
NOTE: the RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.
Are OpenJDK VM and Oracle Hotspot VM still two different JVMs?
I can't seem to find any somewhat official documentation on anything about OpenJDK VM. Even in OpenJDK homepage there is an HotSpot Group which develops HotSpot VM.
The HotSpot group is comprised of developers involved in the design, implementation, and maintanence of the HotSpot virtual machine
However if I check java -version on my Windows machine it prints out
Java HotSpot(TM) 64-Bit Server VM
But on my Ubuntu VPS
OpenJDK 64-Bit Server VM
If those are two different VMs what are the main differences between them? Do they have different runtime flag sets?
tl;dr
The accepted Answer by apangin is now outdated.
For recent versions such as Java 11, the Oracle JDK product is virtually identical to the OpenJDK project. OpenJDK now includes Oracle's previous offerings: Java Flight Recorder, Java Mission Control, Application Class-Data Sharing, and ZGC.
To quote the Oracle.com blog:
From Java 11 forward, therefore, Oracle JDK builds and OpenJDK builds will be essentially identical.
Oracle JDK & OpenJDK converging
Oracle has made dramatic changes in the last couple years.
Oracle declared their intention to converge their branded Oracle JDK with OpenJDK to feature-parity. Both are based on the OpenJDK code base.
Towards that end, the formerly commercial tools sold by Oracle, Flight Recorder and Mission Control are now open-sourced and donated to the OpenJDK project. See this and this on the OpenJDK site.
Oracle and other members of the OpenJDK consortium have contributed yet more source code to make the OpenJDK code base entirely open-source and unencumbered by licenses other than the GNU GPL+linking exception.
Oracle has changed their licensing terms. The Oracle JDK branded product is no longer free-of-cost for use in production. Alternatively, you can get a free-of-cost distribution of OpenJDK from any of over half a dozen vendors, including one from Oracle. For all the details, see this vital white paper written by pillars of the Java community, Java Is Still Free.
I drew this flowchart to guide you in selecting a JDK source.
Oracle reserves the right to patch their own branded product for an urgent fix or security vulnerability. But the company has stated their intention to also contribute and coordinate with the other OpenJDK members. Oracle continues to own the Java trademarks and to lead the future of the Java platform. For the existing Long-Term Support (LTS) versions 8 and 11, Oracle has ceded stewardship to RedHat (IBM).
HotSpot versus OpenJ9
The Question here asks:
Are OpenJDK VM and Oracle Hotspot VM still two different JVMs?
As discussed above, the two products are converging at feature parity. Regarding HotSpot technology, read on.
HotSpot is one component within both Oracle JDK and OpenJDK, as discussed above. Today’s HotSpot also combines parts from JRockit. Oracle merged the best of both Java engines, having acquired them from Sun Microsystems and BEA Systems.
The Adoptium project (formerly known as AdoptOpenJDK) from the Eclipse Foundation also provides a build of OpenJDK using Eclipse OpenJ9 (based on J9, donated by IBM) as an alternative to HotSpot. When downloading from Adoptium web site, you choose either HotSpot or OpenJ9 from a menu.
Currently, tests seem to show OpenJ9 as dramatically faster to launch while using much less memory, but HotSpot may run faster with sustained usage. But this is still early days for OpenJ9, so investigate for yourself the latest developments.
Oracle HotSpot JVM is based on OpenJDK HotSpot project. So, they are mostly the same VM, except that Oracle JVM has a few additional commercial features, mainly, Java Flight Recorder, Application Class Data Sharing and Cooperative Memory Management.
Runtime flags are almost the same for both VMs; see the complete list using
-XX:+UnlockDiagnosticVMOptions -XX:+UnlockCommercialFeatures -XX:+PrintFlagsFinal
As of JDK 8u131, the only difference is in the following flags (absent in OpenJDK VM):
bool EnableResourceManagementTLABCache = true {product}
bool EnableSharedLookupCache = true {product}
bool FlightRecorder = false {commercial}
ccstr FlightRecorderOptions = {product}
bool LogCommercialFeatures = false {product}
ccstr MemoryRestriction = none {commercial}
bool ResourceManagement = false {commercial}
intx ResourceManagementSampleInterval = -1 {commercial}
ccstr StartFlightRecording = {commercial}
bool TraceSharedLookupCache = false {product}
bool UnlockCommercialFeatures := true {commercial}
bool UseAppCDS = false {commercial}
I have WebSphere 7 Aplication Server. There is Java VM 1.6 installed. Linux.
Java version "1.6.0"
Java(TM) SE Runtime Environment (build pxa6460sr10fp1-20120321_01(SR10 FP1))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux amd64-64 jvmxa6460sr10fp1-20120202_101568 (JIT enabled, AOT enabled)
J9VM - 20120202_101568
JIT - r9_20111107_21307ifx1
GC - 20120202_AA)
JCL - 20120320_01
I try to use jProfiler, using trial lisence. But don't want to change something on the server this time.
So I download jprofiler for linux to my server.
Then I run bin/jpenable and it says that:
No unprofiled JVM found
Now I don't know what to do, googling doesn't give any useful result. Can You tell me in what way I must search a problem? May be incorrect path or something else. I hope You'll understand my english (it is not so good).
Have a look at this help pdf, in specifically check out Attach to local JVM session.
Also, have a look at this answer and this question.
hope it will help..