Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

UNDERTOW-2112 Client Cert Renegotiation is not supported by JDK14 and newer. #1353

Merged
merged 1 commit into from
Aug 11, 2022

Conversation

kstekovi
Copy link
Contributor

UNDERTOW-2112 Assume the testcase for jdk < 14. New version TLSv1.3 and new JDK versions are breaking this feature

https://issues.redhat.com/browse/UNDERTOW-2112

…nd new JDK versions are breaking this feature
@@ -67,6 +68,8 @@ protected List<AuthenticationMechanism> getTestMechanisms() {

@BeforeClass
public static void startSSL() throws Exception {
Assume.assumeTrue("UNDERTOW-2112 New version TLSv1.3 and JDK14 and newer versions are breaking this feature",
getJavaSpecificationVersion() < 14);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe TLSv1.3 was backported to jdk8 a, it may instead be preferable to explicitly specify TLSv1.2 for the server in this test, which should work across java versions

Copy link
Contributor

@rmartinc rmartinc Aug 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@carterkozak TLSV1.2 is already used in the test but it fails with JDK-17. The problem is that JDK-14+ added a new ticket extension that makes the force_renegotiation fail in TLSv1.2. Mainly all new versions (TLS spec or JDK impl) are making force_renegotiation fail. See UNDERTOW-2112 for more information. The test should be assumed to avoid it in jdk-14+.

@rmartinc
Copy link
Contributor

rmartinc commented Aug 1, 2022

Same PR than #1339 but in 2.2 branch. IMHO force_renegotiationis starting to make no sense as it's not working in new versions (TLSv1.3 or JDK-17) and we cannot do anything with it. For the moment the PR just assumes the test to only execute it in JDK versions previous to 14, in which the ticket extension was enabled by default.

@fl4via fl4via merged commit 9a06b56 into undertow-io:2.2.x Aug 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants