On 26/06/2019 23:01, Igal Sapir wrote: > While testing Tomcat Native 1.2.23 two unit tests failed on my system: > > TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.APR.txt > TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.APR.txt > > My build.properties includes the following: > test.openssl.unimplemented=ARIA,IDEA > > Which adds any ciphers with the substring ARIA or IDEA in the name to > the unimplemented list that should be ignored [1]. > > The failure message shows that the issue is with unexpected ciphers [2], > e.g. ECDHE-ARIA128-GCM-SHA256+TLSv1.2, so the next thing I did was to > check OpenSSL's version and ciphers. The version is the same as the > build process shows in the logs, but I don't see ARIA ciphers there: > > $ openssl version > OpenSSL 1.1.1 11 Sep 2018 > $ openssl ciphers -v | grep ARIA > > Any ideas?
First impressions are that the ciphers supported by the latest OpenSSL versions have changed. However, I would have expected Gump to pick up on that and it hasn't. More research required... Mark > > Thanks, > > Igal > > [1] https://github.com/apache/tomcat/commit/a9c1a0661198 > [2] Testcase: testOpenSSLCipherAvailability took 0.043 sec > FAILED > Unexpected cipher suites: ECDHE-ARIA128-GCM-SHA256+TLSv1.2 > DHE-RSA-ARIA128-GCM-SHA256+TLSv1.2 DHE-DSS-ARIA256-GCM-SHA384+TLSv1.2 > ECDHE-ECDSA-ARIA128-GCM-SHA256+TLSv1.2 ARIA256-GCM-SHA384+TLSv1.2 > ECDHE-ARIA256-GCM-SHA384+TLSv1.2 DHE-RSA-ARIA256-GCM-SHA384+TLSv1.2 > RSA-PSK-ARIA256-GCM-SHA384+TLSv1.2 > ECDHE-ECDSA-ARIA256-GCM-SHA384+TLSv1.2 ARIA128-GCM-SHA256+TLSv1.2 > RSA-PSK-ARIA128-GCM-SHA256+TLSv1.2 DHE-PSK-ARIA128-GCM-SHA256+TLSv1.2 > DHE-DSS-ARIA128-GCM-SHA256+TLSv1.2 PSK-ARIA256-GCM-SHA384+TLSv1.2 > DHE-PSK-ARIA256-GCM-SHA384+TLSv1.2 PSK-ARIA128-GCM-SHA256+TLSv1.2 > expected:<0> but was:<16> > junit.framework.AssertionFailedError: Unexpected cipher suites: > ECDHE-ARIA128-GCM-SHA256+TLSv1.2 DHE-RSA-ARIA128-GCM-SHA256+TLSv1.2 > DHE-DSS-ARIA256-GCM-SHA384+TLSv1.2 > ECDHE-ECDSA-ARIA128-GCM-SHA256+TLSv1.2 ARIA256-GCM-SHA384+TLSv1.2 > ECDHE-ARIA256-GCM-SHA384+TLSv1.2 DHE-RSA-ARIA256-GCM-SHA384+TLSv1.2 > RSA-PSK-ARIA256-GCM-SHA384+TLSv1.2 > ECDHE-ECDSA-ARIA256-GCM-SHA384+TLSv1.2 ARIA128-GCM-SHA256+TLSv1.2 > RSA-PSK-ARIA128-GCM-SHA256+TLSv1.2 DHE-PSK-ARIA128-GCM-SHA256+TLSv1.2 > DHE-DSS-ARIA128-GCM-SHA256+TLSv1.2 PSK-ARIA256-GCM-SHA384+TLSv1.2 > DHE-PSK-ARIA256-GCM-SHA384+TLSv1.2 PSK-ARIA128-GCM-SHA256+TLSv1.2 > expected:<0> but was:<16> > at > org.apache.tomcat.util.net.openssl.ciphers.TestCipher.testOpenSSLCipherAvailability(TestCipher.java:108) > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
