Open Microscopy Environment

Hello,

I get the following error message when running omero import file:

Code: Select all

Ice.SecurityException: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

Any idea what the issue is?

Thanks!
Josh T

Our system:

Linux mprocessor1 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64

Full error message:

Code: Select all

2019-04-12 15:08:16,098 327        [      main] INFO          ome.formats.importer.ImportConfig - OMERO Version: 5.4.10-ice36-b105
2019-04-12 15:08:16,115 344        [      main] INFO          ome.formats.importer.ImportConfig - Bioformats version: 5.9.2 revision: 9fc607f85b8900be786813296f1eee75cc1ed883 date: 31 August 2018
2019-04-12 15:08:16,185 414        [      main] INFO   formats.importer.cli.CommandLineImporter - Log levels -- Bio-Formats: ERROR OMERO.importer: INFO
2019-04-12 15:08:16,623 852        [      main] INFO      ome.formats.importer.ImportCandidates - Depth: 4 Metadata Level: MINIMUM
2019-04-12 15:08:16,739 968        [      main] INFO      ome.formats.importer.ImportCandidates - 1 file(s) parsed into 1 group(s) with 1 call(s) to setId in 111ms. (116ms total) [0 unknowns]
2019-04-12 15:08:17,061 1290       [      main] INFO       ome.formats.OMEROMetadataStoreClient - Attempting initial SSL connection to omero1.bioch.ox.ac.uk:4064
2019-04-12 15:08:17,478 1707       [      main] ERROR  formats.importer.cli.CommandLineImporter - Error during import process.
Ice.SecurityException: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
   at IceInternal.AsyncResultI.__wait(AsyncResultI.java:276) ~[ice.jar:na]
   at Ice.ObjectPrxHelperBase.end_ice_isA(ObjectPrxHelperBase.java:310) ~[ice.jar:na]
   at Ice.ObjectPrxHelperBase.ice_isA(ObjectPrxHelperBase.java:92) ~[ice.jar:na]
   at Ice.ObjectPrxHelperBase.ice_isA(ObjectPrxHelperBase.java:69) ~[ice.jar:na]
   at Ice.ObjectPrxHelperBase.checkedCastImpl(ObjectPrxHelperBase.java:2810) ~[ice.jar:na]
   at Ice.ObjectPrxHelperBase.checkedCastImpl(ObjectPrxHelperBase.java:2770) ~[ice.jar:na]
   at Glacier2.RouterPrxHelper.checkedCast(RouterPrxHelper.java:1787) ~[glacier2.jar:na]
   at omero.client.getRouter(client.java:826) ~[blitz.jar:na]
   at omero.client.createSession(client.java:747) ~[blitz.jar:na]
   at omero.client.joinSession(client.java:682) ~[blitz.jar:na]
   at ome.formats.OMEROMetadataStoreClient.initialize(OMEROMetadataStoreClient.java:700) ~[blitz.jar:na]
   at ome.formats.importer.ImportConfig.createStore(ImportConfig.java:380) ~[blitz.jar:na]
   at ome.formats.importer.cli.CommandLineImporter.<init>(CommandLineImporter.java:170) ~[blitz.jar:na]
   at ome.formats.importer.cli.CommandLineImporter.main(CommandLineImporter.java:991) ~[blitz.jar:na]
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
   at sun.security.ssl.Handshaker.activate(Handshaker.java:509) ~[na:1.8.0_212]
   at sun.security.ssl.SSLEngineImpl.kickstartHandshake(SSLEngineImpl.java:714) ~[na:1.8.0_212]
   at sun.security.ssl.SSLEngineImpl.beginHandshake(SSLEngineImpl.java:741) ~[na:1.8.0_212]
   at IceSSL.SSLEngine.createSSLEngine(SSLEngine.java:856) ~[ice.jar:na]
   at IceSSL.Instance.createSSLEngine(Instance.java:42) ~[ice.jar:na]
   at IceSSL.ConnectorI.connect(ConnectorI.java:30) ~[ice.jar:na]
   at IceInternal.OutgoingConnectionFactory$ConnectCallback.nextConnector(OutgoingConnectionFactory.java:1101) ~[ice.jar:na]
   at IceInternal.OutgoingConnectionFactory$ConnectCallback.access$100(OutgoingConnectionFactory.java:868) ~[ice.jar:na]
   at IceInternal.OutgoingConnectionFactory.getConnection(OutgoingConnectionFactory.java:569) ~[ice.jar:na]
   at IceInternal.OutgoingConnectionFactory.access$800(OutgoingConnectionFactory.java:14) ~[ice.jar:na]
   at IceInternal.OutgoingConnectionFactory$ConnectCallback.getConnection(OutgoingConnectionFactory.java:1048) ~[ice.jar:na]
   at IceInternal.OutgoingConnectionFactory$ConnectCallback.connectors(OutgoingConnectionFactory.java:932) ~[ice.jar:na]
   at IceInternal.EndpointHostResolver$1.run(EndpointHostResolver.java:103) ~[ice.jar:na]
   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[na:1.8.0_212]
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[na:1.8.0_212]
   at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_212]


Dear Josh,

Does CLI import start working if you use the "--skip upgrade" option?

Cheers,
Mark

Yes it does work with the --skip upgrade flag.

What does that mean?

Thanks for the quick reply/solution Mark!
j

Dear Josh,

When people's Java installations got routinely updated to versions that effect JDK-8211883 by disabling anonymous cipher suites OMERO client code needed to be adjusted to reenable them again for the connection to the server. "--skip upgrade" skips the upgrade check by which OMERO clients check if there is a new version of OMERO available: unfortunately that check initializes the Java SSL engine before OMERO 5.4.10 reenables anonymous cipher suites so then that happens too late. (Our Python-based OMERO.cli import uses Java code for the actual import.) In skipping the check, the suites are reenabled before anything initializes the SSL engine so that the change does take effect for the subsequent TLS exchange. This will be fixed in OMERO 5.5.0 so the reenabling happens before the upgrade check and you won't then need the workaround.

Cheers,
Mark

Excellent, thank you for the thorough explanation!
j