You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "lqjacklee (JIRA)" <ji...@apache.org> on 2018/12/31 04:06:00 UTC
[jira] [Comment Edited] (HADOOP-16016)
TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16731155#comment-16731155 ]
lqjacklee edited comment on HADOOP-16016 at 12/31/18 4:05 AM:
--------------------------------------------------------------
Just ignore the exception is one solution. however the issue still be there, so I wonder you need change the enabled cipher suites. However there exist the security issue , we should just enable the ones (or all supported)? I want to submit the patch for us to review and update the solution .thanks .
{code:java}
private SSLEngineResult wrap(SSLEngine engine, ByteBuffer from,
ByteBuffer to) throws Exception {
String[] supportedCipherSuites = engine.getSupportedCipherSuites();
engine.setEnabledCipherSuites(supportedCipherSuites);
SSLEngineResult result = engine.wrap(from, to);
runDelegatedTasks(result, engine);
return result;
}
{code}
was (Author: jack-lee):
Just ignore the exception is one solution. however the issue still be there, so I wonder you need change the enabled cipher suites. However there exist the security issue , we should just enable the ones (or all supported). I want to submit the patch for us to review and update the solution .thanks .
{code:java}
private SSLEngineResult wrap(SSLEngine engine, ByteBuffer from,
ByteBuffer to) throws Exception {
String[] supportedCipherSuites = engine.getSupportedCipherSuites();
engine.setEnabledCipherSuites(supportedCipherSuites);
SSLEngineResult result = engine.wrap(from, to);
runDelegatedTasks(result, engine);
return result;
}
{code}
> TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
> ---------------------------------------------------------------------------
>
> Key: HADOOP-16016
> URL: https://issues.apache.org/jira/browse/HADOOP-16016
> Project: Hadoop Common
> Issue Type: Bug
> Components: security, test
> Environment: Java 1.8.0_191 or upper
> Reporter: Jason Lowe
> Assignee: Akira Ajisaka
> Priority: Major
> Attachments: HADOOP-16016-002.patch, HADOOP-16016.01.patch
>
>
> I have seen a couple of precommit builds across JIRAs fail in TestSSLFactory#testServerWeakCiphers with the error:
> {noformat}
> [ERROR] TestSSLFactory.testServerWeakCiphers:240 Expected to find 'no cipher suites in common' but got unexpected exception:javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org