Updating ACS to work with the MD5 algorithm after Oracle April 2017 patches 7u141 and 8u131

In April 2017, the Oracle Systems Java Platform Group released a pair of critical Java patches, 7u141 and 8u131, to fix security problems in the Oracle Java Runtime Environment (JRE).

From now on Oracle systems will no longer trust JAR files signed using the MD5 password security algorithm.

That means that any JAR files used in Adobe Content Server (ACS) that are signed using MD5 will no longer be considered signed and trusted by Oracle. If you continue to use ACS JAR files signed using MD5, the Oracle JRE will block any processes that use them from executing, and display an error message, "Self-integrity check failed."

As ACS uses several JAR files internally that are signed with MD5 signatures, with this software update some ACS functions will no longer run properly.

If you must update the Java libraries, Adobe Systems recommends making an edit that will enable the Oracle JRE to trust JAR files signed using MD5. This change is only required if you are using Java 7u141, Java 8u131 or higher.

Edit the file called Java.Security. Look for line 548. You should see this line of code:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

Change this line to remove the reference to MD5:

jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024

Save the file and then restart Tomcat.

As soon as we hear from Adobe Systems regarding a permanent update to the ACS software to respond to the problem with JAR files signed using MD5, we will provide an update.