Forum Discussion

Thijs_van_Ham's avatar
Thijs_van_Ham
Icon for Nimbostratus rankNimbostratus
May 15, 2017

Java RDP applet through APM stops working after update to 8v131

We have been using the RDP applet on a webtop portal page (APM) for quite some time now. However, since the Java update to 8u131 the applet can no longer be used.

 

The error message is: "Your security settings have blocked an untrusted application from running. The following resource is signed with a weak signature algorithm MD5withRSA and is treated as unsigned: "

 

After adding the domein to the exception list of on the java client (as a workaround) it does continue but after opening the RDP client the F5 page throw the following error: "access denied ("java.util.logging.LoggingPermission" "control")"

 

We clearly did miss something since I cannot find any other sources claiming to have this problem. I did find a source claiming this change would be made in Java 8u131: http://www.infoworld.com/article/3159186/security/oracle-to-java-devs-stop-signing-jar-files-with-md5.html

 

We are running quite an old version of the BIG-IP software: BIG-IP 11.5.4 Build 2.0.291 Hotfix HF2

 

Is this solved in a later release (in the 11.5.4 branch)? I did stroll through the release notes but did not find anything mentioning resigning the applets. Any ideas?

 

APM
application delivery
java applet

8 Replies

Sort By
  • NetworkTeam_178's avatar
    NetworkTeam_178
    Icon for Nimbostratus rankNimbostratus
    May 16, 2017

    I have literally the EXACT same issue for a customer.

     

    Did you manage to solve it?

     

  • Thijs_van_Ham's avatar
    Thijs_van_Ham
    Icon for Nimbostratus rankNimbostratus
    May 16, 2017

    Unfortunately not yet, I am considering upgrading to 11.5.4 HF4 tonight but my guess is that it is most likely resolved in a later release which we cannot upgrade to at this moment.

     

  • NetworkTeam_178's avatar
    NetworkTeam_178
    Icon for Nimbostratus rankNimbostratus
    May 16, 2017

    Im running 11.6.4 and having same issue.

     

    I will raise a ticket with F5 and let you know the outcome

     

  • Jad_Tabbara__J1's avatar
    Jad_Tabbara__J1
    Icon for Cirrostratus rankCirrostratus
    May 16, 2017

    Then why are you using Java RDP since you can use the windows 10 default RDP client (mstsc) ?

     

  • Jad_Tabbara__J1's avatar
    Jad_Tabbara__J1
    Icon for Cirrostratus rankCirrostratus
    May 16, 2017

    Normally you will need to use Java RDP for non-windows OS (ex. MAC OS).

     

    For Windows clients, it is better to use the windows RDP default client (mstsc).

     

    So I think you must adapt your VPE by doing following steps :

     

    1) Detect which type of client OS it is initiating the connection VPE ITEM NAME "Client OS" Note: you can keep just two branch the "windows" one and the fallback one.

     

    2) Duplicate your RDP ressources by creating both "RDP_without_java" and "RDP_java"

     

    3) "Client OS" --> Branch 1 "Windows" --> "Advanced Ressource Assign" (choose RDP_without_java) --> Branch 2 "Fallback" --> "Advanced Ressource Assign" (choose RDP_java)

     

    In this way you will be able to cover all needs using both Java RDP and default RDP. Also you are limiting the impact to non-windows OS

     

    Hope it helps

     

    Regards

     

  • Thijs_van_Ham's avatar
    Thijs_van_Ham
    Icon for Nimbostratus rankNimbostratus
    May 16, 2017

    Seems like that updating to 11.5.4 HF4 did resolve this issue. The applet is now signed with the SHA256withRSA algorithm. From what I heard it is not directly mentioned in any of the release notes.