Limitations

Processing single stream compressed data

Single-stream data compressed with the gzip, bzip2, lz4 or xz algorithms is supported for files of up to 2 Gb plaintext size.

See more details at Working with Compressed Data.

SSL/TLS/Kerberos connectivity problems

If you are running SpectX on a JVM version below 8u161 and observe any of the following exceptions when connecting to data sources using secure protocols with strong encryption algorithms:

javax.net.ssl.SSLHandshakeException: Received fatal alert: insufficient_security
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    ...
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: insufficient_security
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    ...
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    ...
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    ...
Caused by: java.lang.RuntimeException: Could not generate DH keypair
    at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:142)
    ...
Caused by: java.security.InvalidAlgorithmParameterException: DH key size must be multiple of 64, and can only range from 512 to 2048 (inclusive). The specific key size 4096 is not supported
    at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:128)
    ...
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    ...
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    ...
org.ietf.jgss.GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source)
    ...
Caused by: KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled
    at sun.security.krb5.EncryptionKey.findKey(Unknown Source)
    ...

then the most likely cause is that your JVM is not provisioned for Java unlimited cryptography.

To verify that this is the case, check the SpectX debug log for the following message at startup:

"Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy is not enabled"

To resolve the issue you need either:

Native libraries unavailability

If you are running SpectX on a host where the directory for temporary files (/tmp) is mounted with the noexec option, you may encounter issues with unavailability of native decompression libraries (Zlib/Bzip2). By default, the SpectX process extracts the required libraries to the system-provided temporary directory, but such security settings prevent it from launching the extracted libraries from that directory. This results in a java.lang.UnsatisfiedLinkError with the message “failed to map segment from shared object: Operation not permitted”, which can be observed in the error logs.

To resolve the issue, provide another temporary directory for storing and executing the bundled native libraries, and specify its location with the “jna.tmpdir” system property for SpectX in the environment script as follows:

JAVA_OPTS="${JAVA_OPTS} -Djna.tmpdir=/path/to/tmp/dir"

Alternatively, you can specify full paths to the required libraries at an executable location, using the following properties in the script:

  • com.spectx.zlib.path - path to zlib library/dll
  • com.spectx.bzip2.path - path to bzip2 library/dll

as follows:

JAVA_OPTS="${JAVA_OPTS} -Dcom.spectx.zlib.path=/path/to/zlib.so -Dcom.spectx.bzip2.path=/path/to/bzip2.so"
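
Before choosing a replacement for jna.tmpdir, it helps to confirm that /tmp really is mounted noexec and that the new directory is not. The script below is an added example, not part of SpectX; the function names, the sample mount table and the path /opt/spectx/tmp are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not SpectX code). The mount table below is constructed sample
# data in /proc/mounts format: device, mount point, fs type, options, dump, pass.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sdb1 /opt ext4 rw,relatime 0 0
tmpfs /tmpfiles tmpfs rw,nosuid 0 0'

# Print the mount options of the filesystem that holds a directory.
# $1 = directory, $2 = mount table text (default: contents of /proc/mounts).
mount_opts_for() {
    printf '%s\n' "${2:-$(cat /proc/mounts)}" | awk -v d="$1" '
        # A mount point holds d if it is "/", equals d, or is a path prefix of d.
        $2 == "/" || $2 == d || index(d, $2 "/") == 1 {
            # Longest mount point wins; ">=" lets a later over-mount win a tie.
            if (length($2) >= best) { best = length($2); opts = $4 }
        }
        END { print opts }'
}

# Succeed (exit 0) when the directory sits on a filesystem mounted noexec.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
    esac
    return 1
}

# Print the JAVA_OPTS fragment SpectX needs, or nothing if none is needed.
# $1 = default temp dir, $2 = candidate replacement (hypothetical path),
# $3 = mount table text (optional, as above).
jna_tmpdir_opt() {
    is_noexec "$1" "$3" || return 0   # default temp dir can map libraries
    if is_noexec "$2" "$3"; then
        echo "candidate $2 is also mounted noexec" >&2
        return 1
    fi
    printf '%s\n' "-Djna.tmpdir=$2"
}

# Demo on the constructed table; omit the last argument to check the live host.
jna_tmpdir_opt /tmp /opt/spectx/tmp "$SAMPLE_MOUNTS"
```

The replacement directory should be writable only by the account that runs SpectX, since any library placed there can be loaded into the process.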