Java applets do not work under SSL/HTTPS

This is probably partly a duplicate of #173966 which is about Sun's java plugin not registering correctly with Hardy's firefox 3. You probably just tried with old icedtea java plugin which has now been removed from the archive. Could you uninstall all icedtea-java7 packages and try reproducing this with new icedtea-gcjwebplugin ?

Nothing in bug #173966 was related, nor did any workaround affect anything: and plain HTTP did work, always. Probably cause is/was certificates.

Now, after removing all and installing icedtea-gcjwebplugin I see that a package called ca-certificates installed was included that wasn't there before.

And yes, it fixes the problem... kinda. Applets do load now, I think. At least the status message says so, but the browser hangs and stalls so much as soon as any applet been loaded, for any operation, that it's actually hard to tell, sorry.

It does seem that the SSL part is fixed with the new certs though, as far as I can tell. Thanks for the tip.

applettest works with firefox-3 and sun-java6-plugin. Assigning to icedtea-gcjwebplugin.

Hello

I have similar problem on Hardy AMD64 with FF3 32 bit running Sun JRE 1.6 32bit

Applets work ok when they are accessed through HTTP (http://www.java.com/en/download/help/testvm.xml works perfect)

Problems start with applets over HTTPS. For example this page will not run the applet (https://www.java.com/en/download/help/testvm.xml)

Interestingly when applet is signed then there are no issues (this works: https://jogl-demos.dev.java.net/applettest.html)

Best Regards,
Marcin

Hi

I finally discovered what is the issue here. In appears that in case of unsigned applets, the code is unable to access SunJCE provider which contains most of the ciphers used by SSL protocol. This means that a session with SSL server is broken and effectively applet is not initialised.

This problem is related to configuration of JRE under linux due to export control restrictions. Unfortunately I don't know how to make JRE to use SunJCE by default.

As a workaround I have set up the following policies using Policy Manager:

grant {
  permission java.security.SecurityPermission "putProviderProperty.SunJCE";
};

grant {
  permission java.lang.RuntimePermission "getProtectionDomain";
};

grant {
  permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
};

I don't know how insecure my actions are, but this definitely fixed problems with applets under SSL / HTTPS.

Feel free to send me your ideas how to fix this issue in more elegant way.

Best,
Marcin

https://jogl-demos.dev.java.net/applettest.html works for me with icedtea6-plugin in the openjdk PPA.

... and ca-certficates-java package installed.

fixed in 6b12~pre2