You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "John Zhuge (JIRA)" <ji...@apache.org> on 2016/12/08 18:34:59 UTC
[jira] [Created] (HADOOP-13874) TestSSLHttpServer failures
John Zhuge created HADOOP-13874:
-----------------------------------
Summary: TestSSLHttpServer failures
Key: HADOOP-13874
URL: https://issues.apache.org/jira/browse/HADOOP-13874
Project: Hadoop Common
Issue Type: Bug
Components: security, test
Affects Versions: 3.0.0-alpha2
Reporter: John Zhuge
Assignee: John Zhuge
Priority: Critical
All exceptions look like "Cannot support ... with currently installed providers". I am running Centos 7.2.1511 and native enabled.
{noformat}
Tests run: 5, Failures: 0, Errors: 3, Skipped: 0, Time elapsed: 1.593 sec <<< FAILURE! - in org.apache.hadoop.http.TestSSLHttpServer
testExclusiveEnabledCiphers(org.apache.hadoop.http.TestSSLHttpServer) Time elapsed: 0.012 sec <<< ERROR!
java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA with currently installed providers
at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2461)
at org.apache.hadoop.http.TestSSLHttpServer$PrefferedCipherSSLSocketFactory.createSocket(TestSSLHttpServer.java:269)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:436)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at org.apache.hadoop.http.TestSSLHttpServer.testExclusiveEnabledCiphers(TestSSLHttpServer.java:227)
testOneEnabledCiphers(org.apache.hadoop.http.TestSSLHttpServer) Time elapsed: 0.004 sec <<< ERROR!
java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_RSA_WITH_RC4_128_SHA with currently installed providers
at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2461)
at org.apache.hadoop.http.TestSSLHttpServer$PrefferedCipherSSLSocketFactory.createSocket(TestSSLHttpServer.java:269)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:436)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at org.apache.hadoop.http.TestSSLHttpServer.testOneEnabledCiphers(TestSSLHttpServer.java:200)
testExcludedCiphers(org.apache.hadoop.http.TestSSLHttpServer) Time elapsed: 0.015 sec <<< ERROR!
java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_RSA_WITH_RC4_128_SHA with currently installed providers
at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2461)
at org.apache.hadoop.http.TestSSLHttpServer$PrefferedCipherSSLSocketFactory.createSocket(TestSSLHttpServer.java:269)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:436)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at org.apache.hadoop.http.TestSSLHttpServer.testExcludedCiphers(TestSSLHttpServer.java:176)
{noformat}
My source tree sync'd to:
{noformat}
9ef89ed HDFS-11140. Directory Scanner should log startup message time correctly. Contributed by Yiqun Lin.
{noformat}
My SSL environment:
{noformat}
$ curl -sS https://www.howsmyssl.com/a/check | python -m json.tool
{
"able_to_detect_n_minus_one_splitting": false,
"beast_vuln": false,
"ephemeral_keys_supported": true,
"given_cipher_suites": [
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA256",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_RSA_WITH_RC4_128_SHA",
"TLS_RSA_WITH_RC4_128_MD5"
],
"insecure_cipher_suites": {
"TLS_RSA_WITH_RC4_128_MD5": [
"uses RC4 which has insecure biases in its output"
],
"TLS_RSA_WITH_RC4_128_SHA": [
"uses RC4 which has insecure biases in its output"
]
},
"rating": "Bad",
"session_ticket_supported": false,
"tls_compression_supported": false,
"tls_version": "TLS 1.2",
"unknown_cipher_suite_supported": false
}
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org