Java Crypto-Policies - Aladin Sky Atlas

Hi to everyone

I hoper everything is going fine for you.

I’m using Fedora 33 with the spin dedicated to Astronomy (Fedora Labs) and I’m trying to use a software called Aladin Sky Atlas (https://aladin.u-strasbg.fr/). This software is designed to run with Java, and the version that I have installed is openjdk version “11.0.10” 2021-01-19.

So, the problem is that when I try to run Aladin Aplication, the Konsole show me the following error messages :

Aladin (v11.024) is starting…
Aladin is developed by Pierre Fernique, Thomas Boch, Anaïs Oberto, François Bonnarel and Chaitra
(c) 2020 Université de Strasbourg/CNRS - developed by CDS, distributed under GPLv3
Your JVM release is java 11.0.10 / Red Hat, Inc.
Caching not available for [https://vizier.u-strasbg.fr/viz-bin/asu-xml/V1.1?-meta.aladin=all] !!!
metaDataQuery : javax.net.ssl.SSLHandshakeException: Certificates do not conform to algorithm constraints
javax.net.ssl.SSLHandshakeException: Certificates do not conform to algorithm constraints
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:349)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:287)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1408)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1314)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1592)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250)
at cds.tools.Util.openConnectionCheckRedirects1(Util.java:277)
at cds.tools.Util.access$000(Util.java:126)
at cds.tools.Util$OpenConnection.run(Util.java:254)
Caused by: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1642)
at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1567)
at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1511)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
… 19 more
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: SHA1withRSA
at java.base/sun.security.provider.certpath.AlgorithmChecker.check(AlgorithmChecker.java:278)
at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1638)
… 22 more
VizieR meta query error javax.net.ssl.SSLHandshakeException: Certificates do not conform to algorithm constraints

I discovered that is something related to Crypto-Policies, specifically the file java.config located in /etc/crypto-policies/back-ends/. If I delete the content of that file the Aladin Software works OK without any error messages. But I think that delete that content is not a good idea for the system’s safety.

So, please somebody knows how can I adjust this file to run Aladin OK? Is very sure that I have to modify something in java.config. Maybe with the error message you will know what is the exactly policy that must to be modify

Thank you very much for your support

Best Regards

Jonhatan

1 Like

Changes/StrongCryptoSettings2 - Fedora Project Wiki

1 Like

Thank you very much!!! That information solves the problem

Thanks for your support

1 Like