Forum Discussion
Java RDP applet through APM stops working after update to 8u131
We have been using the RDP applet on a webtop portal page (APM) for quite some time now. However, since the Java update to 8u131 the applet can no longer be used.
The error message is: "Your security settings have blocked an untrusted application from running. The following resource is signed with a weak signature algorithm MD5withRSA and is treated as unsigned: "
After adding the domain to the exception list on the Java client (as a workaround) it does continue, but after opening the RDP client the F5 page throws the following error: "access denied ("java.util.logging.LoggingPermission" "control")"
We clearly did miss something since I cannot find any other sources claiming to have this problem. I did find a source claiming this change would be made in Java 8u131: http://www.infoworld.com/article/3159186/security/oracle-to-java-devs-stop-signing-jar-files-with-md5.html
We are running quite an old version of the BIG-IP software: BIG-IP 11.5.4 Build 2.0.291 Hotfix HF2
Is this solved in a later release (in the 11.5.4 branch)? I did stroll through the release notes but did not find anything mentioning resigning the applets. Any ideas?
- NetworkTeam_178Nimbostratus
I have literally the EXACT same issue for a customer.
Did you manage to solve it?
- Thijs_van_HamNimbostratus
Unfortunately not yet, I am considering upgrading to 11.5.4 HF4 tonight but my guess is that it is most likely resolved in a later release which we cannot upgrade to at this moment.
- NetworkTeam_178Nimbostratus
I'm running 11.6.4 and having the same issue.
I will raise a ticket with F5 and let you know the outcome.
- Jad_Tabbara__J1Cirrostratus
Hello,
Could you share the client's OS?
Thanks
- Thijs_van_HamNimbostratus
We use Windows 10 x64 build 1703 and build 1607.
- Jad_Tabbara__J1Cirrostratus
Then why are you using Java RDP since you can use the Windows 10 default RDP client (mstsc)?
- Jad_Tabbara__J1Cirrostratus
Normally you will need to use Java RDP for non-Windows OS (ex. MAC OS).
For Windows clients, it is better to use the Windows RDP default client (mstsc).
So I think you must adapt your VPE by doing the following steps:
1) Detect which type of client OS is initiating the connection: VPE ITEM NAME "Client OS". Note: you can keep just two branches, the "windows" one and the fallback one.
2) Duplicate your RDP resources by creating both "RDP_without_java" and "RDP_java"
3) "Client OS" --> Branch 1 "Windows" --> "Advanced Resource Assign" (choose RDP_without_java) --> Branch 2 "Fallback" --> "Advanced Resource Assign" (choose RDP_java)
In this way you will be able to cover all needs using both Java RDP and default RDP. Also, you are limiting the impact to non-Windows OS.
Hope it helps
Regards
- Thijs_van_HamNimbostratus
Seems like updating to 11.5.4 HF4 did resolve this issue. The applet is now signed with the SHA256withRSA algorithm. From what I heard it is not directly mentioned in any of the release notes.
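
Added example, not part of the thread and not F5's code: a Python triage check for the condition the error message and the last post describe, listing which digest and signature algorithms appear in a JAR's META-INF entries. It is a heuristic header and OID byte scan rather than full PKCS#7 parsing; `audit_jar` and `_sample_jar` are hypothetical names and the sample JARs are constructed inputs, not validly signed applets.

```python
import io
import re
import zipfile

# DER-encoded OIDs (tag 0x06, length, value) looked for in signature blocks.
OIDS = {
    bytes.fromhex("06082a864886f70d0205"): "MD5",
    bytes.fromhex("06092a864886f70d010104"): "MD5withRSA",
    bytes.fromhex("0609608648016503040201"): "SHA-256",
    bytes.fromhex("06092a864886f70d01010b"): "SHA256withRSA",
}
WEAK = {"MD5", "MD5withRSA"}
# Matches "SHA-256-Digest:", "MD5-Digest-Manifest:", etc. in .MF/.SF files.
DIGEST_HEADER = re.compile(
    rb"^([A-Za-z0-9-]+)-Digest(?:-Manifest(?:-Main-Attributes)?)?:", re.M)

def audit_jar(data: bytes) -> dict:
    """Report algorithms seen in META-INF and which of them are weak."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for name in jar.namelist():
            upper = name.upper()
            if not upper.startswith("META-INF/"):
                continue
            body = jar.read(name)
            if upper.endswith((".RSA", ".DSA", ".EC")):
                found.update(lbl for oid, lbl in OIDS.items() if oid in body)
            elif upper.endswith((".SF", "/MANIFEST.MF")):
                found.update(m.decode() for m in DIGEST_HEADER.findall(body))
    return {"algorithms": sorted(found), "weak": sorted(found & WEAK)}

def _sample_jar(digest: str, sig_oid_hex: str) -> bytes:
    """Constructed input: carries only the markers, not a real signature."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     f"Manifest-Version: 1.0\r\n\r\nName: A.class\r\n"
                     f"{digest}-Digest: AAAA\r\n")
        jar.writestr("META-INF/SIGNER.SF",
                     f"Signature-Version: 1.0\r\n"
                     f"{digest}-Digest-Manifest: AAAA\r\n")
        jar.writestr("META-INF/SIGNER.RSA",
                     b"\x30\x0d" + bytes.fromhex(sig_oid_hex) + b"\x05\x00")
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_jar(_sample_jar("MD5", "06092a864886f70d010104")))
    print(audit_jar(_sample_jar("SHA-256", "06092a864886f70d01010b")))
```

A non-empty `weak` list means the JAR should be re-signed or replaced before clients are allowed to run it; `jarsigner -verify -verbose` on the same file gives the authoritative verdict.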