Infinite Tracing requires special configuration of Java Cryptographic Extensions (JCE) for certain older versions of Java. This document provides guidelines on how to configure Java in this case.
For security and performance, New Relic strongly recommends upgrading to the latest Java 8 update. For HotSpot-based JVMs, none of the steps below are required after 8u251.
When to configure Java Cryptography
You must follow this process if you meet ALL of the criteria below:
You are implementing Infinite Tracing
Your JVM does not support Application-Layer Protocol Negotiation (ALPN). New Relic has identified that these JVMs do not support ALPN and require configuration:
Oracle Java 7
Oracle Java 8 prior to update 251
OpenJDK Java 8 prior to update 252
New Relic has only confirmed that the JVMs above lack ALPN support. You should confirm with your vendor if ALPN support is present in your JVM.
If you use Tomcat, WebSphere, Weblogic, or another application server, refer to your application server's documentation about how to add a Java Cryptography Extension (JCE) in your application server.
Configure the export policy for Oracle JVMs
Older Oracle JVMs require an extra update to allow JCE. Consult this Oracle TechNote for downloads and instructions.
Configuring Conscrypt for HotSpot JVMs
New Relic has successfully tested OpenJDK Java 8 with Conscrypt. Complete the following:
Download the appropriate Conscrypt jar for your operating system.
Copy the Conscrypt jar to
JAVA_HOME/jre/lib/ext. This directory should already exist, but if it doesn't, look for a directory named
Edit the file
Under the lines that start with
security.provider, increment the last number, and set the value to
org.conscrypt.OpenSSLProvider. For example, if the last entry was
security.provider.10, add this line:security.provider.11=org.conscrypt.OpenSSLProvider
Finish setting up Infinite Tracing
When you finish these preliminary configurations, return to Language agents: Enable distributed tracing to finish setting up Infinite Tracing.