I'm running into java.security.NoSuchAlgorithmException: EC AlgorithmParameters not available with Wildfly 8.2 (OpenJDK 1.8.0_31) on OpenShift (the exception is thrown by AmazonHttpClient).
It looks like there is a bug with OpenJDK 1.8 and ECC: https://bugzilla.redhat.com/show_bug.cgi?id=1167153
One of the suggested workarounds requires editing jre/lib/security/java.security to disable jdk.tls.disabledAlgorithms=EC,ECDHE,ECDH.
Or removing jre/lib/ext/sunec.jar.
Unfortunately I'm not able to do this on OpenShift (missing permissions).
What would be the best workaround here? Can I alternatively switch to Oracle JDK (on OpenShift) which does not have this problem?
UPDATE:
I removed Sun java.security.Provider-s and added BouncyCastle instead:
static {
    Security.removeProvider("SunEC");
    Security.removeProvider("SUN");
    Security.removeProvider("SunJSSE");
    // ...
    Security.addProvider(new BouncyCastleProvider());
}
Unfortunately BouncyCastle is not a JSSE provider (create an SSLContext instance using a Bouncy Castle provider) and SSLContext.getInstance() fails with NoSuchAlgorithmException: TLS SSLContext not available.
I also tried @Rudy De Busscher's suggested answer, although I'm not in favor of manually setting the env variable since it's something that can later easily be forgotten.
Instead, I added the JAVA_OPTS_EXT setting to $OPENSHIFT_DATA_DIR/.my_custom_env and loaded it with source ${OPENSHIFT_DATA_DIR}.my_custom_env in the .openshift/action_hooks/pre_start hook.
It didn't work, but since I would still need to use BouncyCastle for JSSE, I have given up on this solution.
Fortunately I was able to switch back to OpenJDK 1.7 (via .openshift/markers/java7) which "solved" the problem for now.
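A diagnostic for the situation described in this question, added here as an example and not part of the original post: it lists which registered JCA providers supply the two services whose lookups fail above (AlgorithmParameters EC and SSLContext TLS), so the effect of removing or adding a provider can be checked before the HTTP client runs. The class name ProviderCheck is hypothetical; only standard java.security APIs are used.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper class (name chosen for this example).
public class ProviderCheck {

    // Names of the registered providers offering the service, in preference order.
    static List<String> providersFor(String type, String algorithm) {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            // getService also resolves aliases registered by the provider.
            if (p.getService(type, algorithm) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    static void report(String type, String algorithm) {
        List<String> names = providersFor(type, algorithm);
        System.out.printf("%-20s %-6s %s%n", type, algorithm,
                names.isEmpty() ? "NOT AVAILABLE" : names.toString());
    }

    public static void main(String[] args) {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        // The two lookups that fail in the post.
        report("AlgorithmParameters", "EC");
        report("SSLContext", "TLS");
        // Related EC services that a TLS handshake with ECDHE suites relies on.
        report("KeyPairGenerator", "EC");
        report("KeyAgreement", "ECDH");
    }
}
```

Running it once at startup and again after any Security.removeProvider / Security.addProvider calls shows whether a JSSE provider for SSLContext TLS is still registered.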