jmx-dev [ping] Re: RFR 8145919: sun/management/jmxremote/bootstrap/RmiSslBootstrapTest failed with Connection failed for no credentials (Round 2)
Daniel Fuchs
daniel.fuchs at oracle.com
Wed Feb 17 13:41:30 UTC 2016
Thanks Jaroslav, that's great!
If these certificates have an expiration date then
it's possible that we will have to regenerate them
from time to time...
cheers,
-- daniel
On 17/02/16 13:13, Jaroslav Bachorik wrote:
> On 16.2.2016 11:56, Daniel Fuchs wrote:
>> Hi Jaroslav,
>>
>> I have no objection to this change.
>>
>> Could you add a comment somewhere to explain how you
>> generated the truststore and keystore - in case we need
>> to tweak that again in the future?
>
> I've added a simple readme file next to the keystores.
>
> http://cr.openjdk.java.net/~jbachorik/8145919/webrev.03
>
> -JB-
>
>>
>> best regards,
>>
>> -- daniel
>>
>> On 16/02/16 10:41, Jaroslav Bachorik wrote:
>>> On 11.2.2016 11:39, Jaroslav Bachorik wrote:
>>>> Please, review the following test change
>>>>
>>>> Issue : https://bugs.openjdk.java.net/browse/JDK-8145919
>>>> Webrev: http://cr.openjdk.java.net/~jbachorik/8145919/webrev.02
>>>>
>>>> The previous attempt to fix this problem was focused on the fact that
>>>> the test tend to fail on ARM64 platforms. This is no more true, the
>>>> failure is reproducible on various platforms if using fastdebug build.
>>>>
>>>> It turns out that the test is setting up SSL in a way that only RC4
>>>> cipher suites are to be used (the test keys are generated by this
>>>> algo).
>>>> These cipher suites, however, has been disabled (JDK-8076221).
>>>>
>>>> By all means the test should be failing since the RC4 test suites were
>>>> excluded. For some reason it started failing intermittently instead. I
>>>> will leave the exercise of figuring out why to someone with a thorough
>>>> expertise in SSL handshake.
>>>>
>>>> The fix is straightforward - create new keys (and keystore and
>>>> truststore) using a supported cipher suite. I opted for the default one
>>>> (TLS_DHE_DSS_WITH_AES_128_GCM_SHA256) and update the ssl properties for
>>>> the test to request this cipher suite. After this change the test is
>>>> passing regularly (tried running it 200 times in a loop - without any
>>>> failure).
>>>>
>>>> Thanks,
>>>>
>>>> -JB-
>>>
>>
>
More information about the security-dev
mailing list