2

Our applets have stopped working on HTTPS after updating to java 1.7.0_45. They worked on 1.7.0_40 and all lower versions and work on HTTP even with 1.7.0_45.

All references I could find pointed to a handshake exception introduced with java 7, due to no ServerName definition, but this does not apply to our applets.

Java console alerts me that the applet was initialized, started and made visible and shows no errors. However, the applet is not displayed (applets are compatible with IE, Mozilla and Chrome and behaviour is reproduced in all). This also happens when starting applets from sourcecode in Intellij Idea

I have been researching this for the past few days and have not found an explanation. Do any of you have any idea why this happens?

Edit - I kept the java console as well, but here's what I have discovered:

In previous versions of java, a pop-up warning shows up that asks the user if the source is trusted or not. If user allows access, our certificate is imported. With 1.7.0_45, the certificate is blocked by default.

I've not switched to researching a way around this now. Will post the answer as soon as I find it, but if anyone has an any tips, They'd be much appreciated.

Java console outputs this:

PluginMain: starting applet ID 1 in parent window 0xb05f0 with parameters:
Document base = https://myServer:myPort/AppletHome.html
mayscript=true
hspace=0
rmihost=#HOSTNAME#
align=BOTTOM
width=320
code=MyClass.class
height=250
scriptable=false
rmiport=31308
language=en
archive=myjars.jar
vspace=0
enablecookie=true
codebase=https://myserver:myport/
amactivated=false
----
security: Accessing keys and certificate in Mozilla user profile: null
security: JSS is not configured
security: Blacklist revocation check is enabled
security: blacklist: created: NEED_LOAD, lastModified: 1385559768744
security: blacklist: hasBeenModifiedSince 1385560033627 (we have 1385559768744)
security: Trusted libraries list check is enabled
security: Certificate revocation enabled. Disable security validation optimizations.
security: Reset cached validation for https://myHost:myPort/data/myJar.jar.
---
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Checking if SSL certificate is in Deployment permanent certificate store
security: Check if certificate can be verified using certificates in Root CA certificate store

And I think this right here might be the problem:

security: Certificate has failed the verification with the SSL Root CA certificates

security: Invalid certificate from HTTPS server

But the output concludes so:

security: Certificate revocation enabled. Disable security validation optimizations.
Missing Application-Name: manifest attribute for: https://myHost:myPort/data/myJar.jar
Missing Permissions manifest attribute for: https://myHost:myPort/data/myJar.jar
Missing Codebase manifest attribute for: https://myHost:myPort/data/myJar.jar
security: Validate the certificate chain using CertPath API
security: SHA-256Certificate finger print: certificateFingerPrint1
security: SHA-256Certificate finger print: certificateFingerPrint2
security: SHA-256Certificate finger print: certificateFingerPrint3
security: The OCSP support is enabled
security: The CRL support is enabled
network: Connecting http://ocsp.thawte.com/ with proxy=DIRECT
network: Connecting http://ocsp.thawte.com:80/ with proxy=DIRECT
security: OCSP Response: GOOD
network: Connecting http://ocsp.thawte.com/ with proxy=DIRECT
network: Connecting http://ocsp.thawte.com:80/ with proxy=DIRECT
security: OCSP Response: GOOD
security: Certificate validation succeeded using OCSP/CRL
basic: updateValidationResultsForApplet update
cache: Mark prevalidated: https://myHost:myPort/data/myJar.jar true tm=1385628443976 cert=1425427199000
basic: Plugin2ClassLoader.getPermissions CeilingPolicy allPerms
security: SHA-256Certificate finger print: certificateFingerPrint1
security: SHA-256Certificate finger print: certificateFingerPrint2
security: SHA-256Certificate finger print: certificateFingerPrint3
basic: Applet initialized
basic: Starting applet
basic: completed perf rollup
basic: Applet made visible
basic: Applet started
basic: Told clients applet is started
near.ethiC
  • 186
  • 1
  • 3
  • 9

1 Answers1

0

For debugging applets, I recommend configure the plugin (Control Panel / Java / Advanced) to open java console on start and to show any traces, debug messages and exceptions. Can you de Java Console output?

I would also recommend publishing applets with HTTP if possible because the Java VM sometimes has problems with HTTPS (untrusted https connections, connections which require digital certificates), etc.

On the other hand, Java now requires additional attributes in the META-INF/MANIFEST (for instance, Caller-Allowable-Codebase) files of JARs, e.g.:

Manifest-Version: 1.0
Implementation-Title: mypackage
Implementation-Version: build01
Specification-Vendor: My company
Application-Name: My applet
Caller-Allowable-Codebase: *
Implementation-Vendor: My company
Application-Library-Allowable-Codebase: *
Name: com/company/package
Permissions: all-permissions
Specification-Title: My spec
Specification-Version: 1.0.0
Codebase: *
erny
  • 1,296
  • 1
  • 13
  • 28
  • Hello - thanks for the tips. I'll check if something is missing from my applets/ I've already enabled all debugging options on my Java console, as I referenced in my question. I even enabled have JPI_PLUGIN2_DEBUG and JPI_PLUGIN2_VERBOSE set, but I didn get much help from that. I'll edit my question to include the console output. As for not using HTTPS, it's a product feature. We offer both HTTP and HTTPS. – near.ethiC Dec 02 '13 at 09:08