You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Robbie Gemmell (Jira)" <ji...@apache.org> on 2021/08/18 10:03:00 UTC

[jira] [Updated] (ARTEMIS-3038) unwind defunct changes from ARTEMIS-1264

     [ https://issues.apache.org/jira/browse/ARTEMIS-3038?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robbie Gemmell updated ARTEMIS-3038:
------------------------------------
        Fix Version/s:     (was: 2.18.0)
    Affects Version/s: 2.18.0
          Description: 
The changes made in ARTEMIS-1264 are essentially defunct and should be unwound. The Kerberos TLS cipher suites were already not recommended for use at the time due to being weak, they had already been removed entirely from Java 11 by then, and have been disabled by default in Java 8 releases for some time now.

 The related tests have already been removed as they were failing, then ignored, and essentialy couldnt run anywhere. The non-test changes are now untested and essentially defunct already, but once releases require Java 11 they will become entirely unusable.

 

Originally described with "CoreClientOverOneWaySSLKerb5Test#testOneWaySSLWithGoodClientCipherSuite is failing....  I set the test with an ignore .. until we investigate what we should do."

  was:
CoreClientOverOneWaySSLKerb5Test#testOneWaySSLWithGoodClientCipherSuite is failing because of:

 

[https://www.oracle.com/security-alerts/poodlecve-2014-3566.html]

 

I set the test with an ignore .. until we investigate what we should do.

              Summary: unwind defunct changes from ARTEMIS-1264  (was: Investigate CoreClientOverOneWaySSLKerb5Test#testOneWaySSLWithGoodClientCipherSuite)

> unwind defunct changes from ARTEMIS-1264
> ----------------------------------------
>
>                 Key: ARTEMIS-3038
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3038
>             Project: ActiveMQ Artemis
>          Issue Type: Task
>    Affects Versions: 2.18.0
>            Reporter: Clebert Suconic
>            Assignee: Gary Tully
>            Priority: Major
>
> The changes made in ARTEMIS-1264 are essentially defunct and should be unwound. The Kerberos TLS cipher suites were already not recommended for use at the time due to being weak, they had already been removed entirely from Java 11 by then, and have been disabled by default in Java 8 releases for some time now.
>  The related tests have already been removed as they were failing, then ignored, and essentialy couldnt run anywhere. The non-test changes are now untested and essentially defunct already, but once releases require Java 11 they will become entirely unusable.
>  
> Originally described with "CoreClientOverOneWaySSLKerb5Test#testOneWaySSLWithGoodClientCipherSuite is failing....  I set the test with an ignore .. until we investigate what we should do."



--
This message was sent by Atlassian Jira
(v8.3.4#803005)