John Zhuge created HADOOP-13874: ----------------------------------- Summary: TestSSLHttpServer failures Key: HADOOP-13874 URL: https://issues.apache.org/jira/browse/HADOOP-13874 Project: Hadoop Common Issue Type: Bug Components: security, test Affects Versions: 3.0.0-alpha2 Reporter: John Zhuge Assignee: John Zhuge Priority: Critical
All three errors are java.lang.IllegalArgumentException with a message of the form "Cannot support <cipher suite> with currently installed providers", thrown from SSLSocketImpl.setEnabledCipherSuites on the test's client socket. I am running CentOS 7.2.1511 with native enabled. {noformat} Tests run: 5, Failures: 0, Errors: 3, Skipped: 0, Time elapsed: 1.593 sec <<< FAILURE! - in org.apache.hadoop.http.TestSSLHttpServer testExclusiveEnabledCiphers(org.apache.hadoop.http.TestSSLHttpServer) Time elapsed: 0.012 sec <<< ERROR! java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA with currently installed providers at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92) at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2461) at org.apache.hadoop.http.TestSSLHttpServer$PrefferedCipherSSLSocketFactory.createSocket(TestSSLHttpServer.java:269) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:436) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) at org.apache.hadoop.http.TestSSLHttpServer.testExclusiveEnabledCiphers(TestSSLHttpServer.java:227) testOneEnabledCiphers(org.apache.hadoop.http.TestSSLHttpServer) Time elapsed: 0.004 sec <<< ERROR! 
java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_RSA_WITH_RC4_128_SHA with currently installed providers at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92) at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2461) at org.apache.hadoop.http.TestSSLHttpServer$PrefferedCipherSSLSocketFactory.createSocket(TestSSLHttpServer.java:269) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:436) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) at org.apache.hadoop.http.TestSSLHttpServer.testOneEnabledCiphers(TestSSLHttpServer.java:200) testExcludedCiphers(org.apache.hadoop.http.TestSSLHttpServer) Time elapsed: 0.015 sec <<< ERROR! 
java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_RSA_WITH_RC4_128_SHA with currently installed providers at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92) at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2461) at org.apache.hadoop.http.TestSSLHttpServer$PrefferedCipherSSLSocketFactory.createSocket(TestSSLHttpServer.java:269) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:436) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) at org.apache.hadoop.http.TestSSLHttpServer.testExcludedCiphers(TestSSLHttpServer.java:176) {noformat} My source tree sync'd to: {noformat} 9ef89ed HDFS-11140. Directory Scanner should log startup message time correctly. Contributed by Yiqun Lin. 
{noformat} My SSL environment, as seen by curl (this lists the cipher suites offered by curl's TLS library, not those available to the JVM's JSSE providers that raised the errors above): {noformat} $ curl -sS https://www.howsmyssl.com/a/check | python -m json.tool { "able_to_detect_n_minus_one_splitting": false, "beast_vuln": false, "ephemeral_keys_supported": true, "given_cipher_suites": [ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_RC4_128_MD5" ], "insecure_cipher_suites": { "TLS_RSA_WITH_RC4_128_MD5": [ "uses RC4 which has insecure biases in its output" ], "TLS_RSA_WITH_RC4_128_SHA": [ "uses RC4 which has insecure biases in its output" ] }, "rating": "Bad", "session_ticket_supported": false, "tls_compression_supported": false, "tls_version": "TLS 1.2", "unknown_cipher_suite_supported": false } {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org