[11] RFR: 8205653: test/jdk/sun/management/jmxremote/bootstrap/RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshake_failure

Sibabrata Sahoo sibabrata.sahoo at oracle.com
Fri Jun 29 08:22:20 UTC 2018


May I get the approval from serviceability-dev at openjdk.java.net.

Thanks,
Siba

-----Original Message-----
From: Xuelei Fan 
Sent: Thursday, June 28, 2018 9:27 PM
To: Daniel Fuchs <daniel.fuchs at oracle.com>; Sibabrata Sahoo <sibabrata.sahoo at oracle.com>; jmx-dev at openjdk.java.net; security-dev at openjdk.java.net; serviceability-dev at openjdk.java.net serviceability-dev at openjdk.java.net <serviceability-dev at openjdk.java.net>
Subject: Re: [11] RFR: 8205653: test/jdk/sun/management/jmxremote/bootstrap/RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshake_failure

Hi Siba,

The change looks fine to me.  I would like Serviceability review this change as well.

Thanks,
Xuelei

On 6/28/2018 8:46 AM, Daniel Fuchs wrote:
> [ccing serviceability-dev at openjdk.java.net]
> 
> Hi Siba,
> 
> This looks good to me - but I'm not a SSL expert.
> It would be good to get someone from the security team eyeball those 
> changes (Xuelei? Brad?)
> 
> I added serviceability-dev at openjdk.java.net in cc as this is where 
> reviews for JMX/Monitoring changes happen these days...
> 
> best regards,
> 
> -- daniel
> 
> On 28/06/2018 17:10, Sibabrata Sahoo wrote:
>> Hi,
>>
>> Please review the patch for,
>>
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8205653
>>
>> Webrev: http://cr.openjdk.java.net/~ssahoo/8205653/webrev.00/
>>
>> Change:
>>
>> The Test has been upgraded to address the following 2 cases,
>>
>>  1. Add protocol support for TLSv1.3. The change is done in the 
>> config
>>     file named "management_ssltest11_ok.properties.in".
>>  2. Add support for legacy TLS. Now a new config file
>>     "management_ssltest15_ok.properties.in" hold TLS protocol
>>     "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA" 
>> instead
>>     of "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5".
>>
>> Previously the Test was using DSA keys which is not compatible with 
>> TLSv1.3. So the keys has been upgraded to use RSA(2048 bit). Hence 
>> the instruction in "Readme.txt" changed which generates RSA(2048 bit) keys.
>>
>> NOTE: Few Test was problem listed which are removed from the list now. 
>> Mach 5 result PASS with multiple try for all 14 Test belongs to 
>> "open/test/jdk/sun/management/jmxremote" folder.
>>
>> Thanks,
>>
>> Siba
>>
> 


More information about the security-dev mailing list