Hello,
> The test code appears to select TLSV1.2. https://github.com/apache/commons-net/blob/fd06a81fd4ea3ace33d397935c76a4e014088fa2/src/test/java/org/apache/commons/net/ftp/FTPSClientTest.java#L103 the test code seems to limit the client to TLS1 only. Not sure why it does that, if we remove it, it should probably run with most sane JDKs. Gruss Bernd -- https://bernd.eckenfels.net *Von: *sebb <[email protected]> *Gesendet: *Montag, 26. Juli 2021 16:41 *An: *Bernd Eckenfels <[email protected]> *Cc: *Commons Developers List <[email protected]> *Betreff: *Re: [NET] FTPSClientTest fails on AdoptOpenJDK 8 & 11 On Mon, 26 Jul 2021 at 15:18, Bernd Eckenfels <[email protected]> wrote: > > You can enable the protocols (see link below) in the Java.security policy file, but in the long run it’s best to mainly test supported algorithms, maybe by conditionally checking it only if available, then a manual modified test environment can use the compatibility tests, I have comparde the java.security files between Oracle 8 and AdoptOpenJDK 8. The latter includes the following: jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, ... However Oracle does not list TLSv1 and TLSv1.1. I tried dropping these two from the AdoptOpenJDK version, and that allowed the test to complete OK. However that is not a feasible approach in general. I have no idea why one of the disabled algorithms is being used. The test code appears to select TLSV1.2. How does one choose a supported algo? > (Btw I don’t think that Oracle behaves better, it is just not tested with the commercially supported latest Oracle versions I suspect). The Crypto roadmap states tls1 for example is disabled since April in Oracle 8u291. > > https://java.com/en/jre-jdk-cryptoroadmap.html > > Gruss > Bernd > > > -- > http://bernd.eckenfels.net > ________________________________ > Von: Gary Gregory <[email protected]> > Gesendet: Monday, July 26, 2021 2:57:35 PM > An: sebb <[email protected]> > Cc: CommonsDev <[email protected]> > Betreff: Re: [NET] FTPSClientTest fails on AdoptOpenJDK 8 & 11 > > Hm, there might be some system property to set that says "use this old and > now deprecated algorithm" or we might have to recreate any certificates > used in tests with a current JDK 8. > > Gary > > > On Mon, Jul 26, 2021, 08:42 sebb <[email protected]> wrote: > > > As the subject says: FTPSClientTest fails with > > > > javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol > > is disabled or cipher suites are inappropriate) > > > > when run with AdoptOpenJDK 8 & 11 > > However it works fine with the Oracle version of Java 8 & 11 > > > > @Gary Gregory : I think you wrote the code -- any idea how to fix it > > for AdoptOpenJDK? > > > > Sebb > >
