Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Testcontainers build fails - MySQL, DB2, ... impacted by removal of TLS<1.2 in [email protected] #4058

Open
rnorth opened this issue May 5, 2021 · 4 comments · Fixed by #4059
Open

Testcontainers build fails - MySQL, DB2, ... impacted by removal of TLS<1.2 in [email protected] #4058

rnorth opened this issue May 5, 2021 · 4 comments · Fixed by #4059
Labels
modules/jdbc type/test-improvement

Comments

@rnorth
Copy link
Member

rnorth commented May 5, 2021

It seems that some of our tests are now failing on CI, and I've correlated this to [email protected] JDK. Note that this is not a problem when using [email protected], so it seems that a deprecation might be triggering this

Caused by:
                javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                    at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:170)
                    at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
                    at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:221)
                    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:433)
                    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411)
                    at com.mysql.cj.protocol.ExportControlled.performTlsHandshake(ExportControlled.java:317)
                    at com.mysql.cj.protocol.StandardSocketFactory.performTlsHandshake(StandardSocketFactory.java:188)
                    at com.mysql.cj.protocol.a.NativeSocketConnection.performTlsHandshake(NativeSocketConnection.java:97)
                    at com.mysql.cj.protocol.a.NativeProtocol.negotiateSSLConnection(NativeProtocol.java:331)
                    ... 19 more

To reproduce, change JDK versions as above and run:

./gradlew clean mysql:test --tests org.testcontainers.junit.mysql.SimpleMySQLTest --no-build-cache
@rnorth
Copy link
Member Author

rnorth commented May 5, 2021

Almost certainly due to this: https://bugs.openjdk.java.net/browse/JDK-8202343

@bsideup
Copy link
Member

bsideup commented May 6, 2021

FYI actions/runner-images#3325

rnorth added a commit that referenced this issue May 6, 2021
@rnorth
Use up-to-date MySQL docker images
8504ac3 
Fixes #4058

Latest versions of JDKs (including `[email protected]`) have disabled TLS1.0 and 1.1, which means that these JDKs can no longer use particularly old versions of the MySQL docker images. This PR makes Testcontainers' own tests use the most up-to-date images available (for each version of MySQL in use).

The PR also updates the 'default' MySQL tag, since the previous version can no longer be used reliably.
This was referenced May 6, 2021
Merged
Closed
@dimafeng dimafeng mentioned this issue May 9, 2021
Merged
@rnorth rnorth changed the title Testcontainers build fails - MySQL SSLHandshakeException with [email protected] Testcontainers build fails - MySQL, DB2, ... impacted by removal of TLS<1.2 in [email protected] May 16, 2021
@rnorth
Copy link
Member Author

rnorth commented May 16, 2021
edited
Loading

Reopening, as I've found the same problem with DB2. If we have the same problem with any other containers I'll update this ticket.

@rnorth rnorth reopened this May 16, 2021
@rnorth
Copy link
Member Author

rnorth commented May 16, 2021

Looks like DB2 is going to be a pain, as out of the box it will need extra configuration operations to turn on TLS1.2:
https://www.ibm.com/docs/en/db2/11.5?topic=parameters-ssl-versions-supported-ssl-versions-server

The default value for SSL_VERSIONS is null. If you set the parameter to null or TLSv1, the parameter enables support for TLS version 1.0 (RFC2246) and TLS version 1.1 (RFC4346). TLS version 1.2 is not enabled by default.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
modules/jdbc type/test-improvement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use up-to-date MySQL docker images testcontainers/testcontainers-java
2 participants
@rnorth @bsideup