On 03/08/18 11:11, Mark Thomas wrote: > On 03/08/18 09:13, Rory O'Donnell wrote: >> Hi Mark, >> >> Did you include the latest patch - by the way this is being discussed on >> security-dev mailing list ? > > Ah. No. I was using webrev.00 which was the one listed in the bug report > for JDK-8207009. > > I'll try again with webrev.01 and report back.
Good news. I can confirm that the 01 patch does fix this issue. Mark > > Mark > >> >> see >> http://mail.openjdk.java.net/pipermail/security-dev/2018-August/017751.html >> >> Rgds,Rory >> >> >> On 02/08/2018 14:39, Mark Thomas wrote: >>> On 02/08/18 13:42, Rory O'Donnell wrote: >>>> That would be very useful, thanks. >>> Rory, >>> >>> I have testing this locally and the proposed patch for JDK-8207009 *does >>> not* address the issue described in JDK-8208642. >>> >>> I was concerned that I wasn't building the JDK correctly and/or picking >>> up the wrong JDK but I've added a bunch of System.out.println() >>> statements that confirm I am running the correct (current source plus >>> JDK-8207009 patch) and that the failure described in JDK-8208642 is >>> still happening in the same way. >>> >>> Mark >>> >>> >>>> Rgds,Rory >>>> >>>> >>>> On 02/08/2018 10:31, Mark Thomas wrote: >>>>> On 02/08/18 10:06, Rory O'Donnell wrote: >>>>>> Hi Mark, >>>>>> >>>>>> Your bug (JDK-8208642) has been closed as a duplicate of another issue : >>>>>> >>>>>> https://bugs.openjdk.java.net/browse/JDK-8207009 >>>>>> >>>>>> I will let you know when the fix get's into a build. >>>>> Thanks Rory. >>>>> >>>>> I should be able to build jdk11 from source and test the proposed patch. >>>>> I'll let you know how I get on. >>>>> >>>>> Mark >>>>> >>>>> >>>>>> Rgds,Rory >>>>>> >>>>>> >>>>>> On 01/08/2018 10:47, Rory O'Donnell wrote: >>>>>>> Thanks Mark, I'll follow up and advise when it's moved into JBS >>>>>>> >>>>>>> Rgds,Rory >>>>>>> >>>>>>> >>>>>>> On 01/08/2018 10:41, Mark Thomas wrote: >>>>>>>> Rory, >>>>>>>> >>>>>>>> I can confirm that there is a JDK bug here. >>>>>>>> >>>>>>>> The short version is that server initiated renegotiation of a TLSv1.2 >>>>>>>> connection fails if the Java client is configured to allow TLSv1.3 >>>>>>>> >>>>>>>> Details available under internal review ID : 9056398 >>>>>>>> >>>>>>>> As always, I'm happy to provide further details if required. >>>>>>>> >>>>>>>> Cheers, >>>>>>>> >>>>>>>> Mark >>>>>>>> >>>>>>>> >>>>>>>> On 31/07/18 15:19, Rory O'Donnell wrote: >>>>>>>>> Hi Mark, >>>>>>>>> >>>>>>>>> Does the latest JDK 11 EA build 24 also fail ? If yes, could you >>>>>>>>> log a >>>>>>>>> bug as we are now >>>>>>>>> >>>>>>>>> in Rampdown Phase 2. >>>>>>>>> >>>>>>>>> Thanks,Rory >>>>>>>>> >>>>>>>>> >>>>>>>>> On 31/07/2018 15:10, Mark Thomas wrote: >>>>>>>>>> On 17/07/18 12:26, Rory O'Donnell wrote: >>>>>>>>>> >>>>>>>>>> <snip/> >>>>>>>>>> >>>>>>>>>>> *JDK 12 Early Access Build 02 is available at >>>>>>>>>>> **http://jdk.java.net/12/* >>>>>>>>>> I've just run the Tomcat 9 test suite with the JDK 12 EA4 build >>>>>>>>>> and I >>>>>>>>>> see a few TLS related failures: >>>>>>>>>> >>>>>>>>>> [concat] Testsuites with failed tests: >>>>>>>>>> [concat] >>>>>>>>>> TEST-org.apache.tomcat.util.net.TestClientCert.NIO.txt >>>>>>>>>> [concat] >>>>>>>>>> TEST-org.apache.tomcat.util.net.TestClientCert.NIO2.txt >>>>>>>>>> [concat] TEST-org.apache.tomcat.util.net.TestCustomSsl.NIO.txt >>>>>>>>>> [concat] >>>>>>>>>> TEST-org.apache.tomcat.util.net.TestCustomSsl.NIO2.txt >>>>>>>>>> >>>>>>>>>> I haven't dug into why the tests are failing yet. >>>>>>>>>> >>>>>>>>>> I also saw some failures in the OpenSSL tests but those are >>>>>>>>>> expected due >>>>>>>>>> to the OpenSSL version I have installed locally. >>>>>>>>>> >>>>>>>>>> Mark >>>>>>>>>> >>>>>>>>>> --------------------------------------------------------------------- >>>>>>>>>> >>>>>>>>>> To unsubscribe, e-mail:dev-unsubscr...@tomcat.apache.org >>>>>>>>>> For additional commands, e-mail:dev-h...@tomcat.apache.org >>>>>>>>>> >>>>>>> -- >>>>>>> Rgds,Rory O'Donnell >>>>>>> Quality Engineering Manager >>>>>>> Oracle EMEA, Dublin,Ireland >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: dev-h...@tomcat.apache.org >>> >> >> -- >> Rgds,Rory O'Donnell >> Quality Engineering Manager >> Oracle EMEA , Dublin, Ireland >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
