Hi Frank Swarbrick,

It looks like you are missing a reference to the bouncy castle providers.  Have a look at the VHI Documentation for the Java Requirements here .  Unfortunately, it looks like we had a certificate expire on this document site so you you will have to make an exception to view the document.  I will see if I can get that issue addressed ASAP.

I believe this is what you need from the doc:

Importing the AppConn Java Classes

To use the AppConn interfaces, add the following statement into your classes:

import com.wrq.apptrieve.appconn.*;
import com.wrq.apptrieve.agent.*;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import java.security.Security;

Adding the Bouncy Castle security provider

security.addProvider(new BouncyCastleFipsProvider());
security.addProvider(new BouncyCastleJsseProvider());

Additionally, I think the following three bouncy castle jars are required –

bc-fips-1.0.1.jar

bcpkix-fips-1.0.0.jar

bctls-fips-1.0.3.jar

Regards,

Jeff B

I'll try it out.  Is this a relatively new requirement?  We have had VHI running in production for many years, and no one here knows anything about any "Bouncy Castle" requirement for those environments.

This works, with one minor tweak.  In the following, "Security" needs a capital 'S':

Security.addProvider(new BouncyCastleFipsProvider());
Security.addProvider(new BouncyCastleJsseProvider());

This does display (when executed from a batch java program, anyway) the following.

When using the VHI supplied JRE (openjdk version "1.8.0_232"):

Mar 31, 2021 5:04:09 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
INFO: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULLMar 31, 2021 5:04:09 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
INFO: Found string security property [jdk.certpath.disabledAlgorithms]: MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224

Mar 31, 2021 5:04:09 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNING: Ignoring unsupported entry in 'jdk.certpath.disabledAlgorithms': SHA1 jdkCA & usage TLSServer

When using  Oracle's JRE (java version "1.8.0_281"):

Mar 31, 2021 5:06:16 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
INFO: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, include jdk.disabled.namedCurves

Mar 31, 2021 5:06:16 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNING: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': include jdk.disabled.namedCurves

Mar 31, 2021 5:06:16 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
INFO: Found string security property [jdk.certpath.disabledAlgorithms]: MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, include jdk.disabled.namedCurves

Mar 31, 2021 5:06:16 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNING: Ignoring unsupported entry in 'jdk.certpath.disabledAlgorithms': SHA1 jdkCA & usage TLSServer

Mar 31, 2021 5:06:16 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNING: Ignoring unsupported entry in 'jdk.certpath.disabledAlgorithms': include jdk.disabled.namedCurves

One additional comment.  It looks like by default, security is now required for Javabeans connecting to VHI.  This can be turned off during the Web Builder process by editing the Java Beans properties of the Project and unchecking "Require encrypted connection to the VHI server".  I don't see this documented anywhere.  This in turn will change the bean.properties line "requiresecureconnection=true" to "requiresecureconnection=false".

Not that security isn't preferred, but I think this is worth mentioning.