Friday, August 19, 2022

AppDynamics Agent Instrumentation for Java 6 Applications

AppDynamics Agent can monitor Java 6 applications. However, modern applications does not supporting TLS version older than TLS 1.2. So, the SaaS controller does not support using TLS 1.1, TLS 1.0, and SSH 3. On the other hand, being an 2006 technology, Java 6 does not support TLS 1.2 out-of-the-box.

Upgrading the JVM seems to be an obvious solution. However, it might not be possible as it would involve a lot of effort to re-test. Some library might not even compatible with newer JVM.

Fortunately, we can make use of Java's pluggable cryptography extension (JCE) and Java Secure Socket Extension (JSSE). Bouncy Castle is one of the library to provider of the security feature [ref: stackoverflow.com].

The following Dockerfile demonstrate the following:

  1. Use yannart/jboss-5.1.0.ga-jdk6 as the base image
  2. Copy the content of AppServerAgent to /opt/appdynamics
    • Java agent is separately downloaded
    • controller-info.xml shall be configured 
  3. Download and install jurisdiction policy files for "unlimited strength" cryptography
  4. Download and install Bouncy Castle 1.66
  5. Copy the java.security file
  6. Configure Java agent instrumentation via environment variable

The changes of the java.security is as follows:

  1. Set the priority of Bouncy Castle as the first provider of JCE and JSSE
  2. Set the default SocketFactory

For what it's worth, here is the full java.security file:

No comments: