This is an automated email from the ASF dual-hosted git repository. hepin pushed a commit to branch tlsJava17 in repository https://gitbox.apache.org/repos/asf/pekko.git
commit b271ff7913fc07271c5f9b36348fcd22e7c1f346 Author: He-Pin <[email protected]> AuthorDate: Sat Feb 7 22:44:05 2026 +0800 chore: Update test tls cipher --- .../scala/org/apache/pekko/stream/io/TlsSpec.scala | 39 +++++++++------------- 1 file changed, 16 insertions(+), 23 deletions(-) diff --git a/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala b/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala index d0cba26fd8..86eda47ae4 100644 --- a/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala +++ b/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala @@ -36,13 +36,17 @@ import pekko.stream.stage._ import pekko.stream.testkit._ import pekko.testkit.TestDuration import pekko.testkit.WithLogCapturing -import pekko.util.{ ByteString, JavaVersion } +import pekko.util.ByteString object TlsSpec { val rnd = new Random - val TLS12Ciphers: Set[String] = Set("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA") + // Use forward-secrecy enabled cipher suites that are supported in Java 17+ + // TLS_RSA_* cipher suites have been disabled by default in Java 17+ + val TLS12Ciphers: Set[String] = Set( + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384") val TLS13Ciphers: Set[String] = Set("TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384") def initWithTrust(trustPath: String, protocol: String): SSLContext = { @@ -377,31 +381,20 @@ class TlsSpec extends StreamSpec(TlsSpec.configOverrides) with WithLogCapturing } } - object SessionRenegotiationFirstOne extends PayloadScenario { - override def flow = logCipherSuite - def inputs = NegotiateNewSession.withCipherSuites("TLS_RSA_WITH_AES_128_CBC_SHA") :: send("hello") :: Nil - def output = ByteString("TLS_RSA_WITH_AES_128_CBC_SHAhello") - } object SessionRenegotiationFirstTwo extends PayloadScenario { override def flow = logCipherSuite - def inputs = NegotiateNewSession.withCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA") :: send("hello") :: Nil - def output = ByteString("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHAhello") + def inputs = NegotiateNewSession.withCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256") :: send("hello") :: Nil + def output = ByteString("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256hello") } val renegotiationScenarios = if (protocol == "TLSv1.2") { - if (JavaVersion.majorVersion <= 21) - Seq( - SessionRenegotiationBySender, - SessionRenegotiationByReceiver, - SessionRenegotiationFirstOne, - SessionRenegotiationFirstTwo) - else - // skip SessionRenegotiationFirstOne as it uses a weak cipher suite and the test will fail - Seq( - SessionRenegotiationBySender, - SessionRenegotiationByReceiver, - SessionRenegotiationFirstTwo) + // skip SessionRenegotiationFirstOne as it uses TLS_RSA_WITH_AES_128_CBC_SHA + // which is a weak cipher suite that is disabled by default in Java 17+ + Seq( + SessionRenegotiationBySender, + SessionRenegotiationByReceiver, + SessionRenegotiationFirstTwo) } else // TLSv1.3 doesn't support renegotiation Nil @@ -447,11 +440,11 @@ class TlsSpec extends StreamSpec(TlsSpec.configOverrides) with WithLogCapturing .collect { case SessionBytes(_, b) => b } .scan(ByteString.empty)(_ ++ _) .filter(_.nonEmpty) - .via(new Timeout(10.seconds)) + .via(new Timeout(15.seconds)) .dropWhile(_.size < scenario.output.size) .runWith(Sink.headOption) - Await.result(output, 12.seconds).getOrElse(ByteString.empty).utf8String should be(scenario.output.utf8String) + Await.result(output, 17.seconds).getOrElse(ByteString.empty).utf8String should be(scenario.output.utf8String) commPattern.cleanup() } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
