Customers who upgrade Java on the PC's they use to connect to the Raritan Multi Platform Client (aka "MPC"), may have noticed difficulty connecting to the KVM over IP units. Customers will be unable to connect to the device, but will not receive a message indicating the username/password was rejected, instead only receiving a connection terminated screen, IE:
This is due to Java disabling default support for TLS1.0 as of Java release "8u291". The Raritan DKX2 units rely on TLS 1.0 to connect between the Java client, and the hardware KVM servers. Unfortunately the DKX2 based KVM's are running the latest firmware (and do not have built-in support TLS1.2/1.3). The java release notes for "8u291" indicate this change:
"Other notes: Disable TLS 1.0 and 1.1 for Java Plugin Applets and Java Web Start Applications
TLS 1.0 and 1.1 have been disabled. These protocols are NOT used by
Java Plugin applets and Java Web Start applications by default. In case
of any issues there is an option to re-enable the protocols via Java
Control Panel."
While customers can remedy this by downgrading Java on the host to Java release "8u281" or earlier, and everything will work again as expected, this may pose other issues (depending on what else uses Java, or security policies that need to be adhered to, etc.).
While the Java release notes indicate "there is an option to re-enable the protocols via the Java Control Panel", the Windows Java release (and possibly other releases?) of Java require additional steps to re-enable TLS1.0, which are not documented in the release notes. In order to address this, one must do the following:
#1 - Open the "Configure Java" app (as Administrator):
- Select the "Advanced Tab"
- Scroll down to the heading "Advanced Security Settings"
- Click the checkbox on the heading that says "Use TLS 1.0"
#2 - Locate the "Java.security" file - this file will be installed where Java has been installed. On Windows 10 machines (as an example), this file will be located under: "
C:\Program Files\Java\[java release version]\lib\security\java.security", on MacOS the user should use the finder tool to locate said file.
- Once the java.security file has been located, open up a text editor with Administrator privileges, typically "notepad" in windows.
- Look for the line starting with "
jdk.tls.disabledAlgorithms", it should not be a line commented out with the "#" symbol at the start.
- Within that line (or on any immediately following lines appended to the first line with a ", \"), there should be a number of algorithms which have been disabled, including "TLS1.0". Remove the "TLS1.0" from that line.
- Save the .security file, and exit
- Shut down anything running Java, specifically including the MPC and restart. If in doubt, restart the PC running Java.
After both steps #1 and #2 have been completed, any known/current version of Java should be able to connect to the Raritan DKX2 KVM over IP dongles, VIA the Raritan MPC once again. No additional intervention/changes should be necessary beyond this point.
