Details
-
Bug
-
Resolution: Done
-
Major
-
JBossAS-3.2.6 Final
-
None
-
None
Description
SourceForge Submitter: dcartier .
JBoss 3.0.7 & 3.2.0 use the SecureRandom("SHA1PRNG")
algorithm.
The IBM JDK 1.4.0 does not provide this particular
algorithm. It does however provide the
"IBMSecureRandom" version that is based on MD5.
The places in JBoss SHA1PRNG is used are:
org.jboss.ha.httpsession.server.ClusteredHTTPSessionService
org.mortbay.http.j2ee.session.GUIDGenerator
org.mortbay.http.SunJsseListener
org.jboss.security.Util
org.jboss.test.TestJCE
org.jboss.test.TestJCEIntegration
I have tested it by having both algorithms tried in
succession and only throwing an exception if they both
fail and it works ( for
org.jboss.ha.httpsession.server.ClusteredHTTPSessionService).
Have not tested the other places (Jetty) as I use Tomcat.
Dennis