Known Issues and Platform Notes for Ice 3.7.1
This page describes known issues and platform-specific notes for this Ice release.
On this page:
Java
Socket connection issue in Android emulator
An Ice application that attempts to connect to an invalid address can generate "spurious wakeup" messages in logcat when running under an emulator for Android 4.2 or later. This issue does not occur on hardware devices, however you can still experience lengthy delays before receiving an exception. As a defensive measure, it is a good idea to always set reasonable timeouts on your proxies to avoid unexpected delays.
Android Bluetooth limitations
A process can only establish one Bluetooth connection at a time to a particular remote endpoint. The process can have multiple connections open at the same time, but each of those connections must be to a different endpoint.
Anonymous Diffie Hellman ciphersuites
Recent versions of Java require low-strength ADH ciphersuites to be disabled when using TLS 1.0. It is no longer sufficient to use this IceSSL configuration:
IceSSL.Ciphers=NONE (DH_anon) IceSSL.VerifyPeer=0
We recommend using this setting instead:
IceSSL.Ciphers=NONE (DH_anon.*AES) IceSSL.VerifyPeer=0
Entropy pool causes hangs
When using the Ice for Java SSL plug-in (IceSSL), you may experience occasional hangs. The most likely reason is that your system's entropy pool is empty. If you have sufficient system privileges, you can solve this issue by editing the file java.home
/jre/lib/security/java.security
and changing it to use /dev/urandom
instead of /dev/random
. If you do not have permission to modify the security file, you can also use the command-line option shown below:
java -Djava.security.egd=file:/dev/urandom MyClass ...
IPv6 hang
On systems with IPv6 enabled, you may experience occasional hangs the first time an Ice object adapter is activated within a JVM. A work-around is to disable IPv6 support by setting the Java property java.net.preferIPv4Stack
to true. For example:
java -Djava.net.preferIPv4Stack=true MyClass ...
Linux
Bluetooth limitations
A process can only establish one Bluetooth connection at a time to a particular remote endpoint. The process can have multiple connections open at the same time, but each of those connections must be to a different endpoint.
.NET Core IPv6 multicast
A bug in the .NET Core Socket implementation for Linux can cause a Socket exception when you set the interface endpoint option on a IPv6 multicast endpoint. Please refer to https://github.com/dotnet/corefx/issues/25525 for additional details.
.NET Core SSL/TLS certificate chains
A bug in the .NET Core SslStream
implementation for Linux can cause a peer to receive a partial chain when the certificate chain contains intermediate certificates. Please refer to https://github.com/dotnet/corefx/issues/25581 for additional details.
Windows
Anti-Virus when testing WebSocket
If your anti-virus intercepts http
traffic on localhost, a number of tests in the Ice test suite may fail due to timeouts when running the test suite with the ws
(WebSocket) protocol. The work-around is to disable the "web access protection" feature of the anti-virus entirely or at least for localhost (127.0.0.1).
Multicast and Windows Store Apps
Network isolation for Windows Store Apps blocks multicast datagrams on the loopback interface. As a result, IceDiscovery and IceLocatorDiscovery won't be able to discover peers listening on the loopback interface.
TLS 1.2 with Windows 7, Windows 8.1 and Windows Server 2012
A bug in SChannel's implementation of TLS 1.2 that affects Windows versions prior to Windows 10 can result in SSL handshake failures when client and server negotiate a DHE-based cipher suite. Applications can work around this by disabling DHE cipher suites. See the links below for more information about this issue:
- https://connect.microsoft.com/IE/feedback/details/1253526/tls-serverkeyexchange-with-1024-dhe-may-encode-dh-y-as-127-bytes-breaking-internet-explorer-11
- https://github.com/dotnet/corefx/issues/7812#issuecomment-305848835