HomePhorge
Emblem Modules, Java and SSL

If you aren't aware, I publish a NetBeans plug-in module called Emblem Modules. The project can be found in the Echo 3 templates folder. The module includes a single Echo Templates wizard that uses the EchoApplication template (both also found in the same location).

The purpose of the module is to provide project wizards and any other Echo related extensions to NetBeans. At the moment it is just the single Echo application template. The template sets up a simple two state graphics application that demonstrates a few Echo basics, but is also a good starting point for a project.

For a while now the modules have been unavailable to be automatically downloaded and updated through NetBeans (you could build and install manually still). The modules weren't available due to update in our security certificates changing from 128bit encryption to 256bit encryption over https. Why would changing to a (standard) stronger certificate stop NetBeans from accessing our server to download a updates?

It turns out, Java has some restriction that prevent it from using whatever security encryption method and strength that you want. This is due to some legal reasons that I still do not fully understand.

You can apparently set up "unlimited security" on your Java Runtime Environment (JRE) however I did not have any success in doing so (I did manage to verify that I was a following the instructions properly and I editing a the correct files). So I haven't offered those instructions, buy if you find a solution to accessing over https though, I'd sure like to know. I'd prefer a solution that didn't require any effort for end users (developers) beyond adding Emblem Modules to the plugin repositories. I'm happy to change server settings as needed, except we don't have control over the CDN certificate and I'd prefer not to drop back to a 128bit certificate.

Anyway, the good news is that I've made the modules available over http without encryption see the wiki page. The bad news is that if someone is pretending to be our server to get you to install a malicious NetBeans module then you could be at risk... I suspect the risk is relatively low, at least at this stage.

Written by 0xseantasker on Jun 21 2017, 11:59 PM.
User
Projects
  • Restricted Project
Subscribers
None

Event Timeline

NOTE: NetBeans 11+ supports newer certificates and our https repository works fine. You can use the 8.2 plugins in 11.0, 11.1 and 11.2 to enable C++ support then add the Emblem modules repository and install Echo's templates.