This is an automated email from the ASF dual-hosted git repository.
hepin pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/pekko.git
The following commit(s) were added to refs/heads/main by this push:
new 462f53cdd5 chore: Update test tls cipher (#2656)
462f53cdd5 is described below
commit 462f53cdd56493f6e9ec756e40214b3ccab9ffca
Author: He-Pin(kerr) <[email protected]>
AuthorDate: Mon Feb 9 11:15:02 2026 +0800
chore: Update test tls cipher (#2656)
---
.../scala/org/apache/pekko/stream/io/TlsSpec.scala | 41 +++++++++-------------
1 file changed, 17 insertions(+), 24 deletions(-)
diff --git
a/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala
b/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala
index d0cba26fd8..c018aa48c4 100644
--- a/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala
+++ b/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala
@@ -36,13 +36,17 @@ import pekko.stream.stage._
import pekko.stream.testkit._
import pekko.testkit.TestDuration
import pekko.testkit.WithLogCapturing
-import pekko.util.{ ByteString, JavaVersion }
+import pekko.util.ByteString
object TlsSpec {
val rnd = new Random
- val TLS12Ciphers: Set[String] = Set("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA")
+ // Use forward-secrecy enabled cipher suites that are supported in Java 17+
+ // TLS_RSA_* cipher suites have been disabled by default in Java 17+
+ val TLS12Ciphers: Set[String] = Set(
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
val TLS13Ciphers: Set[String] = Set("TLS_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384")
def initWithTrust(trustPath: String, protocol: String): SSLContext = {
@@ -377,31 +381,20 @@ class TlsSpec extends StreamSpec(TlsSpec.configOverrides)
with WithLogCapturing
}
}
- object SessionRenegotiationFirstOne extends PayloadScenario {
- override def flow = logCipherSuite
- def inputs =
NegotiateNewSession.withCipherSuites("TLS_RSA_WITH_AES_128_CBC_SHA") ::
send("hello") :: Nil
- def output = ByteString("TLS_RSA_WITH_AES_128_CBC_SHAhello")
- }
-
object SessionRenegotiationFirstTwo extends PayloadScenario {
override def flow = logCipherSuite
- def inputs =
NegotiateNewSession.withCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA") ::
send("hello") :: Nil
- def output = ByteString("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHAhello")
+ def inputs =
NegotiateNewSession.withCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")
:: send("hello") ::
+ Nil
+ def output = ByteString("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256hello")
}
val renegotiationScenarios = if (protocol == "TLSv1.2") {
- if (JavaVersion.majorVersion <= 21)
- Seq(
- SessionRenegotiationBySender,
- SessionRenegotiationByReceiver,
- SessionRenegotiationFirstOne,
- SessionRenegotiationFirstTwo)
- else
- // skip SessionRenegotiationFirstOne as it uses a weak cipher suite
and the test will fail
- Seq(
- SessionRenegotiationBySender,
- SessionRenegotiationByReceiver,
- SessionRenegotiationFirstTwo)
+ // skip SessionRenegotiationFirstOne as it uses
TLS_RSA_WITH_AES_128_CBC_SHA
+ // which is a weak cipher suite that is disabled by default in Java 17+
+ Seq(
+ SessionRenegotiationBySender,
+ SessionRenegotiationByReceiver,
+ SessionRenegotiationFirstTwo)
} else
// TLSv1.3 doesn't support renegotiation
Nil
@@ -447,11 +440,11 @@ class TlsSpec extends StreamSpec(TlsSpec.configOverrides)
with WithLogCapturing
.collect { case SessionBytes(_, b) => b }
.scan(ByteString.empty)(_ ++ _)
.filter(_.nonEmpty)
- .via(new Timeout(10.seconds))
+ .via(new Timeout(15.seconds))
.dropWhile(_.size < scenario.output.size)
.runWith(Sink.headOption)
- Await.result(output,
12.seconds).getOrElse(ByteString.empty).utf8String should
be(scenario.output.utf8String)
+ Await.result(output,
17.seconds).getOrElse(ByteString.empty).utf8String should
be(scenario.output.utf8String)
commPattern.cleanup()
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
