Test fix for handshake failure in SSLDriverTests in JDK16 #67337

Merged


albertzaharovits
Contributor

SSLDriverTests#testHandshakeFailureBecauseProtocolMismatch intentionally uses mismatching TLS protocols between the client and the server in a test scenario. In this particular case, the mismatch is between "TLSv1.1" and "TLSv1.2".

The problem is that JDK16 does not support "TLSv1.1".

This fix tests the mismatch between "TLSv1.3" and "TLSv1.2" when running in JDK16 with -Dtests.fips.enabled=false and otherwise maintains the original mismatch test between "TLSv1.1" and "TLSv1.2".

Closes #67324

@albertzaharovits albertzaharovits added >test Issues or PRs that are addressing/adding tests :Security/TLS SSL/TLS, Certificates v8.0.0 v7.12.0 labels Jan 12, 2021
@albertzaharovits albertzaharovits self-assigned this Jan 12, 2021
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Jan 12, 2021
@elasticmachine
Collaborator

Pinging @elastic/es-security (Team:Security)

final String[] clientProtocols;
final String expectedMessage;
if (inFipsJvm()) {
// fips JSSE does not support TLSv1.3 yet
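
Review bot: the `// fips JSSE does not support TLSv1.3 yet` comment on the `inFipsJvm()` branch is time-bound but names no tracking issue or provider version, so nothing in the code prompts a revisit once the FIPS JSSE provider gains TLSv1.3. Reference the tracking issue in the comment so the TLSv1.1 fallback can be dropped when it no longer applies. Also, since `clientProtocols` and `expectedMessage` are declared `final` without initializers, check that every branch of this conditional assigns both.
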
Member

mental note to revisit this when #67233 is fixed, as 1.0.11 includes support for TLS1.3

Member

@jkakavas jkakavas left a comment

LGTM

@albertzaharovits albertzaharovits merged commit 443f882 into elastic:master Jan 12, 2021
@albertzaharovits albertzaharovits deleted the fix-ssldrivertests-in-jdk16 branch January 12, 2021 13:49
albertzaharovits added a commit to albertzaharovits/elasticsearch that referenced this pull request Jan 12, 2021
)

This fixes the mismatch test between "TLSv1.3" and "TLSv1.2" when running
in JDK16 with `-Dtests.fips.enabled=false` and it otherwise maintains the
original mismatch test between "TLSv1.1" and "TLSv1.2".

Closes elastic#67324
albertzaharovits added a commit that referenced this pull request Jan 12, 2021
This fixes the mismatch test between "TLSv1.3" and "TLSv1.2" when running
in JDK16 with `-Dtests.fips.enabled=false` and it otherwise maintains the
original mismatch test between "TLSv1.1" and "TLSv1.2".

Closes #67324
albertzaharovits added a commit that referenced this pull request Jan 16, 2021
…67610)

The TLS protocol mismatch message during handshake in older JDKs 8 is different.
This is a fallout from #67337

Closes #67511
Labels
:Security/TLS SSL/TLS, Certificates Team:Security Meta label for security team >test Issues or PRs that are addressing/adding tests v7.12.0 v8.0.0-alpha1
Development

Successfully merging this pull request may close these issues.

SSLDriverTests failures on Java 16
4 participants