On Sat, Nov 3, 2018 at 3:50 AM Mark Thomas <ma...@apache.org> wrote: > On 02/11/2018 22:39, Igal Sapir wrote: > > <snip/> > > > I am getting the same test case failures as before, so it doesn't look > like > > a regression to me: > > [concat] Testsuites with failed tests: > > [concat] > > TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt [1] > > [concat] > > > TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt > > [2] > > > > (details below) > > > > > >> The proposed 9.0.13 release is: > >> [ ] Broken - do not release > >> [X] Stable - go ahead and release as 9.0.13 > >> > >> > > Assuming that my assessment of the failures is correct, my non-binding > vote > > is Stable. Tested on Fedora 28 with OpenSSL 1.1.0i-fips. > > Which JDK are you using? It looks like an IBM one. It has been a while > since I tested things with an IBM JDK so some updates might be required. >
I am pretty sure that I've never installed the IBM JDK on any machine. This one IIRC is from Oracle: $ javac -version javac 1.8.0_181 $ java -version java version "1.8.0_181" Java(TM) SE Runtime Environment (build 1.8.0_181-b13) Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode) I will upgrade to u191 from Oracle and then test again. > A FIPS enabled OpenSSL might also cause some failures as it might > disable some ciphers. > I am guessing by the version name of OpenSSL that FIPS is enabled: $ openssl version OpenSSL 1.1.0i-fips 14 Aug 2018 $ uname -a Linux local 4.18.16-200.fc28.x86_64 #1 SMP Sat Oct 20 23:53:47 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux Should I make a mental note that these are false positives or should we pursue it further and update the test cases to remove ciphers that should not be used? Thanks, Igal
