You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/10/07 09:50:00 UTC

[jira] [Commented] (ARTEMIS-3038) unwind defunct changes from ARTEMIS-1264

    [ https://issues.apache.org/jira/browse/ARTEMIS-3038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17425446#comment-17425446 ] 

ASF subversion and git services commented on ARTEMIS-3038:
----------------------------------------------------------

Commit a5b5a504e0426daa1f2598582ea3252f8bca4cf8 in activemq-artemis's branch refs/heads/main from Robbie Gemmell
[ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=a5b5a50 ]

ARTEMIS-3038: unwind effect of defunct changes from ARTEMIS-1264

Follows earlier test removal in a3de3d4c75ba1482706e8c42a5c9b0f9811901eb


> unwind defunct changes from ARTEMIS-1264
> ----------------------------------------
>
>                 Key: ARTEMIS-3038
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3038
>             Project: ActiveMQ Artemis
>          Issue Type: Task
>    Affects Versions: 2.18.0
>            Reporter: Clebert Suconic
>            Assignee: Robbie Gemmell
>            Priority: Major
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> The changes made in ARTEMIS-1264 are essentially defunct and should be unwound. The Kerberos TLS cipher suites were already not recommended for use at the time due to being weak, they had already been removed entirely from Java 11 by then, and have been disabled by default in Java 8 releases for some time now, and do not work with TLS 1.3. OpenSSL removed the equivalent support from its source even earlier in May 2015, [https://mta.openssl.org/pipermail/openssl-users/2015-May/001406.html].
> The related tests have already been removed as they were failing, then ignored, and essentialy couldnt run anywhere. The non-test changes are now untested and essentially defunct already, but once releases require Java 11 they will become entirely unusable.
>  
> Originally described with "CoreClientOverOneWaySSLKerb5Test#testOneWaySSLWithGoodClientCipherSuite is failing....  I set the test with an ignore .. until we investigate what we should do."



--
This message was sent by Atlassian Jira
(v8.3.4#803005)