Aladin Astronomy Software - Java Problem

Hey all,

I am running Fedora 35 Workstation. I have downloaded
java-1.8.0-openjdk.x86_64 and
java-11-openjdk.x86_64 to run Aladin Software.

My question is kind of exactly the same question given by this:

My error is something like this:

Aladin is developed by Pierre Fernique, Thomas Boch, Anaïs Oberto, François Bonnarel and Chaitra
  (c) 2020 Université de Strasbourg/CNRS - developed by CDS, distributed under GPLv3
Your JVM release is java 11.0.13 / Red Hat, Inc.
Caching not available for [https://vizier.cds.unistra.fr/viz-bin/asu-xml/V1.1?-meta.aladin=all] !!!
metaDataQuery : javax.net.ssl.SSLHandshakeException: Certificates do not conform to algorithm constraints
javax.net.ssl.SSLHandshakeException: Certificates do not conform to algorithm constraints
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:349)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:287)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1426)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1336)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421)
	at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:572)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1592)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520)
	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250)
	at cds.tools.Util.openConnectionCheckRedirects1(Util.java:277)
	at cds.tools.Util.access$000(Util.java:126)
	at cds.tools.Util$OpenConnection.run(Util.java:254)
Caused by: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
	at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1681)
	at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1606)
	at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1550)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341)
	... 19 more
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: SHA1withRSA
	at java.base/sun.security.provider.certpath.AlgorithmChecker.check(AlgorithmChecker.java:237)
	at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1677)
	... 22 more
VizieR meta query error javax.net.ssl.SSLHandshakeException: Certificates do not conform to algorithm constraints

The given answers to that problem suggest changing the crypto-policies; however, I do not want to do that for security reasons. So is there any other way to solve the problem…? Is it safe to change the crypto-policies…?

You have two choices:

  • change the crypto-policies on your system, yes[1]
  • ask the Aladin folks and hope that they deploy a more modern certificate

  1. for the security reasons: it doesn’t expose your system to external attacks, but it simply allows accepting less secure certificates signed with deprecated and weak algorithms. If you are concerned, the alternative you have is to not use sites and services that provide such certificates.

3 Likes
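
To see which policy entry makes a JVM reject the `SHA1withRSA` signature named in the stack trace above, this added example (not code from the thread or from Aladin) lists the matching entries of the JDK's two disabled-algorithm security properties as reported by `Security.getProperty`. The class name `WhyRejected` and the simplified name decomposition are assumptions of the example; conditions such as `keySize` are printed, not evaluated.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

/** Added example: show which disabled-algorithm entries match a signature algorithm. */
public class WhyRejected {
    // Security properties the JDK consults for certificate-path and TLS algorithm constraints.
    static final String[] PROPS = {"jdk.certpath.disabledAlgorithms", "jdk.tls.disabledAlgorithms"};

    /** Normalise a name so that "SHA-1" and "sha1" compare equal. */
    static String norm(String s) {
        return s.toUpperCase(Locale.ROOT).replace("-", "");
    }

    /** Split e.g. "SHA1withRSA" into {"SHA1", "RSA"} (simplified decomposition). */
    static List<String> components(String sigAlg) {
        List<String> out = new ArrayList<>();
        for (String part : norm(sigAlg).split("WITH|AND|/")) {
            if (!part.isEmpty()) out.add(part);
        }
        return out;
    }

    /** Return the entries of one property value whose algorithm name matches sigAlg. */
    static List<String> matchingEntries(String propertyValue, String sigAlg) {
        List<String> hits = new ArrayList<>();
        if (propertyValue == null) return hits;          // property not set in this JVM
        List<String> parts = components(sigAlg);
        for (String entry : propertyValue.split(",")) {
            String e = entry.trim();
            if (e.isEmpty()) continue;
            // First token is the algorithm name; the rest (keySize, jdkCA, usage ...) are conditions.
            String name = norm(e.split("\\s+")[0]);
            if (name.equals(norm(sigAlg)) || parts.contains(name)) hits.add(e);
        }
        return hits;
    }

    public static void main(String[] args) {
        String sigAlg = args.length > 0 ? args[0] : "SHA1withRSA"; // algorithm from the stack trace
        for (String prop : PROPS) {
            List<String> hits = matchingEntries(Security.getProperty(prop), sigAlg);
            System.out.println(prop + " -> " + (hits.isEmpty() ? "no matching entry" : hits));
        }
    }
}
```

With Java 11 this can be run directly from source as `java WhyRejected.java SHA1withRSA`, using the same JVM that launches Aladin.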

Well, I’ll try to contact them. Hope they can manage to change something…

Hey again, I have asked them, however no reply so far. I wonder if the problem cannot be due to my browser or browser settings, right?