Hi all,
I tested TC 7.0.106 plus a few patches from git with a variety of JVMs
on a few Linux distributions. I observed:
- org.apache.tomcat.util.net.TestClientCertTls13 now fails for Java
1.8.0_272 be it OpenJDK, Adopt or Zulu on all Linux distros I tested.
TLSv1.3 was backported to Java 8 in the recently released Patchlevel 272
and is enabled on the server side by default, but not on the client
side. The test succeeds as soon as I add
"-Djdk.tls.client.protocols=TLSv1.3". I guess correct TLS1.3 detection
during test gets moire and more complicated ...
- Only on RHEL 8 (e.g. not RHEL 6 or 7) and only with Red Hat provided
Java 1.8.0 and 11 (but not for other distributions of Java 1.8.0 or 11),
lots of TLS tests fail. For example TestSsl test testSimpleSsl show the
following when started with -Djavax.net.debug=all und Red Hat Java 11:
[junit] Oct 28, 2020 12:55:26 PM org.apache.coyote.AbstractProtocol
start
[junit] INFO: Starting ProtocolHandler
["http-bio-127.0.0.1-auto-1-43799"]
[junit] javax.net.ssl|DEBUG|03|Finalizer|2020-10-28 12:55:26.265
CET|SSLSocketImpl.java:473|duplex close of SSLSocket
[junit] javax.net.ssl|WARNING|03|Finalizer|2020-10-28 12:55:26.273
CET|SSLSocketImpl.java:494|SSLSocket duplex close failed (
[junit] "throwable" : {
[junit] java.net.SocketException: Socket is not connected
[junit] at
java.base/java.net.Socket.shutdownOutput(Socket.java:1553)
[junit] at
java.base/sun.security.ssl.BaseSSLSocketImpl.shutdownOutput(BaseSSLSocketImpl.java:232)
[junit] at
java.base/sun.security.ssl.SSLSocketImpl.duplexCloseOutput(SSLSocketImpl.java:561)
[junit] at
java.base/sun.security.ssl.SSLSocketImpl.close(SSLSocketImpl.java:479)
[junit] at
java.base/sun.security.ssl.BaseSSLSocketImpl.finalize(BaseSSLSocketImpl.java:275)
[junit] at
java.base/java.lang.System$2.invokeFinalize(System.java:2117)
[junit] at
java.base/java.lang.ref.Finalizer.runFinalizer(Finalizer.java:87)
[junit] at
java.base/java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:171)}
[junit]
[junit] )
[junit] javax.net.ssl|ERROR|01|main|2020-10-28 12:55:26.304
CET|TransportContext.java:313|Fatal (HANDSHAKE_FAILURE): Couldn't
kickstart handshaking (
[junit] "throwable" : {
[junit] javax.net.ssl.SSLHandshakeException: No appropriate
protocol (protocol is disabled or cipher suites are inappropriate)
[junit] at
java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:163)
[junit] at
java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:95)
[junit] at
java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:217)
[junit] at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:395)
[junit] at
java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
[junit] at
java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
[junit] at
java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:163)
[junit] at
org.apache.catalina.startup.TomcatBaseTest.methodUrl(TomcatBaseTest.java:665)
[junit] at
org.apache.catalina.startup.TomcatBaseTest.methodUrl(TomcatBaseTest.java:639)
[junit] at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:633)
[junit] at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:627)
[junit] at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:612)
[junit] at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:606)
[junit] at
org.apache.tomcat.util.net.TestSsl.testSimpleSsl(TestSsl.java:60)
Dont know whether the error in the finalizer really is the root cause
and it might well be a JDK error, but I at least wanted to provide the
info here.
Best regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
