On 27/06/2019 14:49, Mark Thomas wrote: > On 26/06/2019 23:01, Igal Sapir wrote: >> While testing Tomcat Native 1.2.23 two unit tests failed on my system: >> >> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.APR.txt >> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.APR.txt >> >> My build.properties includes the following: >> test.openssl.unimplemented=ARIA,IDEA >> >> Which adds any ciphers with the substring ARIA or IDEA in the name to >> the unimplemented list that should be ignored [1]. >> >> The failure message shows that the issue is with unexpected ciphers [2], >> e.g. ECDHE-ARIA128-GCM-SHA256+TLSv1.2, so the next thing I did was to >> check OpenSSL's version and ciphers. The version is the same as the >> build process shows in the logs, but I don't see ARIA ciphers there: >> >> $ openssl version >> OpenSSL 1.1.1 11 Sep 2018 >> $ openssl ciphers -v | grep ARIA >> >> Any ideas? > > First impressions are that the ciphers supported by the latest OpenSSL > versions have changed. However, I would have expected Gump to pick up on > that and it hasn't. > > More research required...
The ciphers supported by Ubuntu have changed. You need to use: openssl ciphers -v ALL:eNULL to see all of them. The short version is that ARIA ciphers are now supported. test.openssl.unimplemented=IDEA should fix it. Mark > > Mark > >> >> Thanks, >> >> Igal >> >> [1] https://github.com/apache/tomcat/commit/a9c1a0661198 >> [2] Testcase: testOpenSSLCipherAvailability took 0.043 sec >> FAILED >> Unexpected cipher suites: ECDHE-ARIA128-GCM-SHA256+TLSv1.2 >> DHE-RSA-ARIA128-GCM-SHA256+TLSv1.2 DHE-DSS-ARIA256-GCM-SHA384+TLSv1.2 >> ECDHE-ECDSA-ARIA128-GCM-SHA256+TLSv1.2 ARIA256-GCM-SHA384+TLSv1.2 >> ECDHE-ARIA256-GCM-SHA384+TLSv1.2 DHE-RSA-ARIA256-GCM-SHA384+TLSv1.2 >> RSA-PSK-ARIA256-GCM-SHA384+TLSv1.2 >> ECDHE-ECDSA-ARIA256-GCM-SHA384+TLSv1.2 ARIA128-GCM-SHA256+TLSv1.2 >> RSA-PSK-ARIA128-GCM-SHA256+TLSv1.2 DHE-PSK-ARIA128-GCM-SHA256+TLSv1.2 >> DHE-DSS-ARIA128-GCM-SHA256+TLSv1.2 PSK-ARIA256-GCM-SHA384+TLSv1.2 >> DHE-PSK-ARIA256-GCM-SHA384+TLSv1.2 PSK-ARIA128-GCM-SHA256+TLSv1.2 >> expected:<0> but was:<16> >> junit.framework.AssertionFailedError: Unexpected cipher suites: >> ECDHE-ARIA128-GCM-SHA256+TLSv1.2 DHE-RSA-ARIA128-GCM-SHA256+TLSv1.2 >> DHE-DSS-ARIA256-GCM-SHA384+TLSv1.2 >> ECDHE-ECDSA-ARIA128-GCM-SHA256+TLSv1.2 ARIA256-GCM-SHA384+TLSv1.2 >> ECDHE-ARIA256-GCM-SHA384+TLSv1.2 DHE-RSA-ARIA256-GCM-SHA384+TLSv1.2 >> RSA-PSK-ARIA256-GCM-SHA384+TLSv1.2 >> ECDHE-ECDSA-ARIA256-GCM-SHA384+TLSv1.2 ARIA128-GCM-SHA256+TLSv1.2 >> RSA-PSK-ARIA128-GCM-SHA256+TLSv1.2 DHE-PSK-ARIA128-GCM-SHA256+TLSv1.2 >> DHE-DSS-ARIA128-GCM-SHA256+TLSv1.2 PSK-ARIA256-GCM-SHA384+TLSv1.2 >> DHE-PSK-ARIA256-GCM-SHA384+TLSv1.2 PSK-ARIA128-GCM-SHA256+TLSv1.2 >> expected:<0> but was:<16> >> at >> org.apache.tomcat.util.net.openssl.ciphers.TestCipher.testOpenSSLCipherAvailability(TestCipher.java:108) >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
