While I successfully opened a JNLP file with Java to get the console access to a remote server this afternoon, Java prompted me there was a upgrade. As usual, I didn’t pay much attention to what the upgrade is and I just clicked the “Upgrade now”. When the upgrade was completed, I tried to reopen that JNLP file again then I kept getting the same error message:
“Unsigned application requesting unrestricted access to system. The following resource is signed with a weak signature algorithm MD5withRSA and is treated as unsigned: … …”
After did some search on google, the root cause was, in the version 8 update 131, JAR files signed with MD5 algorithms are treated as unsigned JARs, as explained here.
I cannot wait the vendor to update the JNLP file (dunno know when they will update it), and I don’t like to downgrade to the older Java either.
So, after some digging, I just found a quick (but temporary) solution:
Just comment out the setting of “jdk.jar.disabledAlgorithms” in the file of”lib/security/java.security” (which is located at “/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/java.security, on my MacOS 10.12)
# jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
After that, the JNLP file will be running as usual again.