jmx-dev [ping] Re: RFR 8145919: sun/management/jmxremote/bootstrap/RmiSslBootstrapTest failed with Connection failed for no credentials (Round 2)
Jaroslav Bachorik
jaroslav.bachorik at oracle.com
Wed Feb 17 12:13:43 UTC 2016
On 16.2.2016 11:56, Daniel Fuchs wrote:
> Hi Jaroslav,
>
> I have no objection to this change.
>
> Could you add a comment somewhere to explain how you
> generated the truststore and keystore - in case we need
> to tweak that again in the future?
I've added a simple readme file next to the keystores.
http://cr.openjdk.java.net/~jbachorik/8145919/webrev.03
-JB-
>
> best regards,
>
> -- daniel
>
> On 16/02/16 10:41, Jaroslav Bachorik wrote:
>> On 11.2.2016 11:39, Jaroslav Bachorik wrote:
>>> Please, review the following test change
>>>
>>> Issue : https://bugs.openjdk.java.net/browse/JDK-8145919
>>> Webrev: http://cr.openjdk.java.net/~jbachorik/8145919/webrev.02
>>>
>>> The previous attempt to fix this problem was focused on the fact that
>>> the test tend to fail on ARM64 platforms. This is no more true, the
>>> failure is reproducible on various platforms if using fastdebug build.
>>>
>>> It turns out that the test is setting up SSL in a way that only RC4
>>> cipher suites are to be used (the test keys are generated by this algo).
>>> These cipher suites, however, has been disabled (JDK-8076221).
>>>
>>> By all means the test should be failing since the RC4 test suites were
>>> excluded. For some reason it started failing intermittently instead. I
>>> will leave the exercise of figuring out why to someone with a thorough
>>> expertise in SSL handshake.
>>>
>>> The fix is straightforward - create new keys (and keystore and
>>> truststore) using a supported cipher suite. I opted for the default one
>>> (TLS_DHE_DSS_WITH_AES_128_GCM_SHA256) and update the ssl properties for
>>> the test to request this cipher suite. After this change the test is
>>> passing regularly (tried running it 200 times in a loop - without any
>>> failure).
>>>
>>> Thanks,
>>>
>>> -JB-
>>
>
More information about the serviceability-dev
mailing list