On 03/08/18 09:13, Rory O'Donnell wrote: > Hi Mark, > > Did you include the latest patch - by the way this is being discussed on > security-dev mailing list ?
Ah. No. I was using webrev.00 which was the one listed in the bug report for JDK-8207009. I'll try again with webrev.01 and report back. Mark > > see > http://mail.openjdk.java.net/pipermail/security-dev/2018-August/017751.html > > Rgds,Rory > > > On 02/08/2018 14:39, Mark Thomas wrote: >> On 02/08/18 13:42, Rory O'Donnell wrote: >>> That would be very useful, thanks. >> Rory, >> >> I have testing this locally and the proposed patch for JDK-8207009 *does >> not* address the issue described in JDK-8208642. >> >> I was concerned that I wasn't building the JDK correctly and/or picking >> up the wrong JDK but I've added a bunch of System.out.println() >> statements that confirm I am running the correct (current source plus >> JDK-8207009 patch) and that the failure described in JDK-8208642 is >> still happening in the same way. >> >> Mark >> >> >>> Rgds,Rory >>> >>> >>> On 02/08/2018 10:31, Mark Thomas wrote: >>>> On 02/08/18 10:06, Rory O'Donnell wrote: >>>>> Hi Mark, >>>>> >>>>> Your bug (JDK-8208642) has been closed as a duplicate of another issue : >>>>> >>>>> https://bugs.openjdk.java.net/browse/JDK-8207009 >>>>> >>>>> I will let you know when the fix get's into a build. >>>> Thanks Rory. >>>> >>>> I should be able to build jdk11 from source and test the proposed patch. >>>> I'll let you know how I get on. >>>> >>>> Mark >>>> >>>> >>>>> Rgds,Rory >>>>> >>>>> >>>>> On 01/08/2018 10:47, Rory O'Donnell wrote: >>>>>> Thanks Mark, I'll follow up and advise when it's moved into JBS >>>>>> >>>>>> Rgds,Rory >>>>>> >>>>>> >>>>>> On 01/08/2018 10:41, Mark Thomas wrote: >>>>>>> Rory, >>>>>>> >>>>>>> I can confirm that there is a JDK bug here. >>>>>>> >>>>>>> The short version is that server initiated renegotiation of a TLSv1.2 >>>>>>> connection fails if the Java client is configured to allow TLSv1.3 >>>>>>> >>>>>>> Details available under internal review ID : 9056398 >>>>>>> >>>>>>> As always, I'm happy to provide further details if required. >>>>>>> >>>>>>> Cheers, >>>>>>> >>>>>>> Mark >>>>>>> >>>>>>> >>>>>>> On 31/07/18 15:19, Rory O'Donnell wrote: >>>>>>>> Hi Mark, >>>>>>>> >>>>>>>> Does the latest JDK 11 EA build 24 also fail ? If yes, could you >>>>>>>> log a >>>>>>>> bug as we are now >>>>>>>> >>>>>>>> in Rampdown Phase 2. >>>>>>>> >>>>>>>> Thanks,Rory >>>>>>>> >>>>>>>> >>>>>>>> On 31/07/2018 15:10, Mark Thomas wrote: >>>>>>>>> On 17/07/18 12:26, Rory O'Donnell wrote: >>>>>>>>> >>>>>>>>> <snip/> >>>>>>>>> >>>>>>>>>> *JDK 12 Early Access Build 02 is available at >>>>>>>>>> **http://jdk.java.net/12/* >>>>>>>>> I've just run the Tomcat 9 test suite with the JDK 12 EA4 build >>>>>>>>> and I >>>>>>>>> see a few TLS related failures: >>>>>>>>> >>>>>>>>> [concat] Testsuites with failed tests: >>>>>>>>> [concat] >>>>>>>>> TEST-org.apache.tomcat.util.net.TestClientCert.NIO.txt >>>>>>>>> [concat] >>>>>>>>> TEST-org.apache.tomcat.util.net.TestClientCert.NIO2.txt >>>>>>>>> [concat] TEST-org.apache.tomcat.util.net.TestCustomSsl.NIO.txt >>>>>>>>> [concat] >>>>>>>>> TEST-org.apache.tomcat.util.net.TestCustomSsl.NIO2.txt >>>>>>>>> >>>>>>>>> I haven't dug into why the tests are failing yet. >>>>>>>>> >>>>>>>>> I also saw some failures in the OpenSSL tests but those are >>>>>>>>> expected due >>>>>>>>> to the OpenSSL version I have installed locally. >>>>>>>>> >>>>>>>>> Mark >>>>>>>>> >>>>>>>>> --------------------------------------------------------------------- >>>>>>>>> >>>>>>>>> To unsubscribe, e-mail:dev-unsubscr...@tomcat.apache.org >>>>>>>>> For additional commands, e-mail:dev-h...@tomcat.apache.org >>>>>>>>> >>>>>> -- >>>>>> Rgds,Rory O'Donnell >>>>>> Quality Engineering Manager >>>>>> Oracle EMEA, Dublin,Ireland >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: dev-h...@tomcat.apache.org >> > > -- > Rgds,Rory O'Donnell > Quality Engineering Manager > Oracle EMEA , Dublin, Ireland > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
