Posted to issues@activemq.apache.org by "Robbie Gemmell (Jira)" <ji...@apache.org> on 2021/03/17 12:22:00 UTC

[jira] [Created] (ARTEMIS-3185) Various TLS tests fail on newer JDKs/environments

Robbie Gemmell created ARTEMIS-3185:
---------------------------------------

             Summary: Various TLS tests fail on newer JDKs/environments
                 Key: ARTEMIS-3185
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3185
             Project: ActiveMQ Artemis
          Issue Type: Test
          Components: Tests
    Affects Versions: 2.17.0
            Reporter: Robbie Gemmell


Various broker integration tests fail after I updated to Fedora 33, seemingly on all JDK versions but certainly with 8u275 and above, with the failing tests all being TLS related. For example, AMQPConnectSaslTest, JMSSaslExternalTest, JMSSaslExternalLDAPTest failed, though there are others.

Specifically, the related keystore for those tests looks to be keystore1.jks under tests/integration-tests/src/test/resources (though possibly other files in there and related tests could be affected or need updated also). The key contained uses SHA1withRSA for the signature, which keytool notes is disabled and so that is presumably the problem:
{noformat}
$ keytool -keystore keystore1.jks -storepass changeit -list -v
...snipped...
Signature algorithm name: SHA1withRSA (disabled)
...snipped...
<keystore1> uses the SHA1withRSA signature algorithm which is considered a security risk and is disabled.
{noformat}
I'm not clear how the file was generated and don't see the CA key used to sign it and which matches up to the truststore.jks file (it uses SHA256withRSA sig and so should be fine if the key were updated in isolation). If someone who knows the process used could update the key that would be great.

A suggestion I would make is to create a script that creates the files, both so it can be seen later what was done, and more easily repeated and/or updated when needed. For example, we do this with the [Qpid JMS tests resources|https://github.com/apache/qpid-jms/blob/0.57.0/qpid-jms-client/src/test/resources/README.txt], which I adapted for creating the ['broker-connections' TLS example|https://github.com/apache/activemq-artemis/blob/master/examples/features/broker-connection/amqp-sending-overssl/store-generation.txt] resources when I was updating that.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
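
The check described in the report, as an added example that is not part of the original message or of the Artemis project: a filter over `keytool -list -v` output that names each keystore entry whose certificate signature algorithm is flagged. The function names, the sample listing, the "(weak)" marker and the legacy-digest name pattern are assumptions; only "(disabled)" and the keytool options come from the report.

```shell
#!/bin/sh
# Added example: report keystore certificates whose signature algorithm is
# flagged by keytool or uses a legacy digest. Function names are hypothetical.

# Reads `keytool -list -v` output on stdin and prints one line per flagged
# certificate: alias=<alias> alg=<algorithm> reason=<why>
flag_weak_sigs() {
  awk '
    { sub(/^[ \t]+/, "") }                       # tolerate indented lines
    /^Alias name: / { alias = substr($0, 13) }   # remember the current entry
    /^Signature algorithm name: / {
      alg = substr($0, 27)
      reason = ""
      # "(disabled)" is the marker shown in the report; "(weak)" is assumed.
      if (alg ~ /\((disabled|weak)\)$/) reason = "keytool-flagged"
      sub(/ \(.*\)$/, "", alg)                   # drop the annotation
      # Assumption: treat SHA-1/MD5/MD2 signatures as legacy even if unmarked.
      if (reason == "" && alg ~ /^(SHA1|MD5|MD2)with/) reason = "legacy-digest"
      if (reason != "") printf "alias=%s alg=%s reason=%s\n", alias, alg, reason
    }
  '
}

# Lists a real keystore with the options used in the report, then filters it.
scan_keystore() {
  keytool -keystore "$1" -storepass "$2" -list -v | flag_weak_sigs
}

# Constructed sample listing (aliases and names are made up for illustration).
sample_listing() {
  cat <<'EOF'
Alias name: server
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=server.example.test
Issuer: CN=Test CA
Signature algorithm name: SHA1withRSA (disabled)
Alias name: ca
Entry type: trustedCertEntry
Owner: CN=Test CA
Issuer: CN=Test CA
Signature algorithm name: SHA256withRSA
EOF
}

sample_listing | flag_weak_sigs
```

Running `scan_keystore` over each store in a test resources directory gives a list of the entries that need regenerating before a JDK update turns them into test failures.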