Ok, I got the test fixed. I just added the following line in the
beginning of the test :
java.lang.System.setProperty(
"sun.security.ssl.allowUnsafeRenegotiation", "true" );
This is explained in detail here :
http://java.sun.com/javase/javaseforbusiness/docs/TLSReadme.html
On 5/31/10 10:51 AM, Bernd Fondermann wrote:
There was a vulnerability discovered in TLS recently.
One fix is to switch off renegotitation.
Maybe you are running into this issue, but you'd have to check for yourself.
> From http://en.wikipedia.org/wiki/Transport_Layer_Security :
A vulnerability of the renegotiation procedure was discovered in August
2009 that can lead to plaintext injection attacks against SSLv3 and all
current versions of TLS. For example, it allows an attacker who can
hijack an https connection to splice their own requests into the
beginning of the conversation the client has with the web server. The
attacker can't actually decrypt the client-server communication, so it
is different from a typical man-in-the-middle attack. A short-term fix
is for web servers to stop allowing renegotiation, which typically will
not require other changes unless client certificate authentication is used.
<<<<
See also this blog post from Ben Laurie:
http://www.links.org/?p=840
HTH,
Bernd
Ashish wrote:
I am getting the same error :(
Me and Emm both are on JDK 1.6 u20
On Mon, May 31, 2010 at 1:48 PM, Niklas Gustavsson<nik...@protocol7.com> wrote:
On Mon, May 31, 2010 at 9:53 AM, Emmanuel Lecharny<elecha...@gmail.com> wrote:
as I just launched a new vote for 2.0, as suggested by Niklas, I should have
added the revision and uploaded binaries for the vote. So I started to
generate them, and now, on my Mac, I have one error :
Do you get this consistently? I just ran mvn clean install on trunk
and it worked fine. But, that's using 1.6.0_17.
/niklas
--
Regards,
Cordialement,
Emmanuel Lécharny
www.nextury.com
