You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@camel.apache.org by Claus Ibsen <cl...@gmail.com> on 2021/07/04 08:54:57 UTC
Re: Failing FTP IT tests
Hi
I created a ticket about disabling those tests
https://issues.apache.org/jira/browse/CAMEL-16784
On Thu, Jun 24, 2021 at 9:08 AM Claus Ibsen <cl...@gmail.com> wrote:
>
> Hi
>
> Yeah we can disable the tests.
>
>
>
> On Wed, Jun 23, 2021 at 5:47 PM Karen Lease <ka...@gmail.com> wrote:
> >
> > Hi Otavio,
> >
> > According to [1], both TLS 1.0 & 1.1 are now disabled in Oracle Java.
> > SSLv3 has actually been disabled sinsce Java 8 I believe.
> > There is a related OpenJDK issue as well [2]. I also don't have access
> > to the CI server but it would make sense that it's updated to use the
> > latest Java versions.
> >
> > @Claus, would it make sense to disable the SSLv3 integration tests?
> >
> > 1. https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8202343
> > 2. https://bugs.openjdk.java.net/browse/JDK-8257122
> >
> > Regards,
> > Karen
> >
> > On 23/06/2021 17:17, Otavio Rodolfo Piske wrote:
> > > Hello Karen,
> > >
> > > Thanks for checking this! I can't say for sure because I don't have access
> > > to the CI server.
> > >
> > > In my case, I do have a custom java.security file that I use to run the
> > > tests (I do this because of some changes applied to Fedora some time ago
> > > [1]). It may be possible that a recent upgrade on the servers or their
> > > configurations changed the java.security there in a similar way to what
> > > Fedora did in the past.
> > >
> > > 1.
> > > https://www.orpiske.net/2020/12/sslhandshakeexception-no-cipher-suites-in-common/
> > >
> > > Kind regards
> > >
> > > On Wed, Jun 23, 2021 at 3:29 PM Karen Lease <ka...@gmail.com> wrote:
> > >
> > >> Hi all,
> > >> If it's of interest, I *can* reproduce the SSL errors in the camel-ftp
> > >> integration tests in my local environment.
> > >> After enabling javax.net.debug, the root cause is visible:
> > >>
> > >> javax.net.ssl|ERROR|01|main|2021-06-22 19:05:23.068
> > >> CEST|TransportContext.java:341|Fatal (HANDSHAKE_FAILURE): Couldn't
> > >> kickstart handshaking (
> > >> "throwable" : {
> > >> javax.net.ssl.SSLHandshakeException: No appropriate protocol
> > >> (protocol is disabled or cipher suites are inappropriate)
> > >> at
> > >>
> > >> java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:170)
> > >>
> > >> My java version is:
> > >> OpenJDK 64-Bit Server VM (build 11.0.11+9-Ubuntu-0ubuntu2.20.04, mixed
> > >> mode, sharing)
> > >>
> > >> I found that most of the failing tests ran if I removed SSLv3 from the
> > >> property jdk.tls.disabledAlgorithms in the java.security file.
> > >>
> > >> However the tests using SSLContextParameters with the socketProtocol set
> > >> to SSLv3 still failed. This is because the SSLv3 is excluded by the
> > >> default filter in BaseSSLContextParameters and the only other available
> > >> protocol for the created sockets was TLSv1 which was also excluded in
> > >> the default java.security configuration.
> > >> By also removing that from the jdk.tls.disabledAlgorithms property those
> > >> tests pass as well.
> > >>
> > >> It seems normal that these old protocols are disabled on Java 11 or
> > >> later and that the IT tests fail. But if it works for Otavio & Claus, is
> > >> it due to a leniant java.security configuration or some other difference
> > >> in the system configuration?
> > >>
> > >> Regards,
> > >> Karen Lease
> > >>
> > >> On 21/06/2021 17:24, Otavio Rodolfo Piske wrote:
> > >>> @Claus
> > >>>
> > >>> I tried reproducing the FTP errors locally and I couldn't as well.
> > >> Neither
> > >>> locally nor on my own CI.
> > >>>
> > >>> If it doesn't get fixed by Thursday, I will try to take a look at it by
> > >>> Friday.
> > >>>
> > >>>
> > >>>
> > >>> On Mon, Jun 21, 2021 at 12:54 PM Claus Ibsen <cl...@gmail.com>
> > >> wrote:
> > >>>
> > >>>> Hi
> > >>>>
> > >>>> Okay so we are down to a few JIRAs for 3.11.
> > >>>>
> > >>>> On thing I wanted to bring up is that the CI server reports some SSL
> > >>>> errors with testing camel-ftp.
> > >>>> I cannot reproduce this locally
> > >>>>
> > >>>>
> > >> https://ci-builds.apache.org/job/Camel/job/Camel%20JDK11/job/main/lastCompletedBuild/testReport/
> > >>>>
> > >>>> The IOTA test errors is also due to security error as it seems the
> > >>>> online service it uses for testing is not accepting the certificate.
> > >>>>
> > >>>>
> > >>>>
> > >>>> --
> > >>>> Claus Ibsen
> > >>>> -----------------
> > >>>> http://davsclaus.com @davsclaus
> > >>>> Camel in Action 2: https://www.manning.com/ibsen2
> > >>>>
> > >>>
> > >>>
> > >>
> > >
> > >
>
>
>
> --
> Claus Ibsen
> -----------------
> http://davsclaus.com @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2
--
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2