View Issue Details

IDProjectCategoryView StatusLast Update
0018173CentOS-8javapublic2021-04-27 16:57
Reporterrobmv Assigned To 
Status newResolutionopen 
Product Version8.3.2011 
Summary0018173: Java update break Wildfly based applications using PKCS12 keystores
DescriptionJava update break Wildfly based applications (running a privately maintained copy of Wildfly 17), when the TLS keystore is located on a PKCS12 file. The exception thrown is: Key protection algorithm not found: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
     ... 11 more
 Caused by: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
     ... 14 more
 Caused by: unrecognized algorithm name: PBEWithSHA1AndDESede
     ... 15 more
Steps To Reproduce1- Install Wildfly 17.0.1
2- Configure a TLS PKCS12 keystore
3- Start Wildfly
4- The exception is shown
5- Revert to and the problem is not triggered anymore

Tried with the LEGACY crypto policy just in case that the DEFAULT policy was made stronger, but it didn't fix for
Additional InformationTesting with AdoptOpenJDK version jdk8u292-b10 trigger the error to, so it shouldn't be a Red Hat provided patch.

A simple Java example like the following doesn't trigger the problem, so it is something more complex that Wildfly is doing that trigger this backward incompatible change

This bug should affect Red Hat Enterprise Linux 8 too, it is wise to report it to RH bugzilla?


public class Test {
    // arg[0] PKCS12 file path, arg[1] password. Not validated for simplicity.
    public static void main(String[] args) {
        try {
            KeyStore store = KeyStore.getInstance("PKCS12");
            char[] pwd = args[1].toCharArray();
            store.load(new FileInputStream(args[0]), pwd);
            KeyStore.PasswordProtection pp = new KeyStore.PasswordProtection(pwd);
            store.getEntry("alias", pp);
        } catch (Exception e) {
TagsNo tags attached.




2021-04-27 16:55

reporter   ~0038424

Tested using a recent version of Wildfly and the problem still happen on version of the Java package and jdk8u292-b10 from AdoptOpenJDK


2021-04-27 16:57

reporter   ~0038425

I should have added that the recent version is 23.0.1.Final

Issue History

Date Modified Username Field Change
2021-04-27 16:05 robmv New Issue
2021-04-27 16:55 robmv Note Added: 0038424
2021-04-27 16:57 robmv Note Added: 0038425