On 04/02/2016 13:38, jean-frederic clere wrote: > On 02/03/2016 07:08 PM, Mark Thomas wrote: >> On 03/02/2016 16:20, jean-frederic clere wrote: >>> On 02/02/2016 01:20 AM, Mark Thomas wrote: >>>> The proposed 9.0.0.M3 release is: >>>> [ ] Broken - do not release >>>> [X] Alpha - go ahead and release as 9.0.0.M3 >>> >>> I have the following errors: >>> +++ >>> hudson@neo2 logs]$ grep -l FAILED *.txt >>> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.APR.txt >>> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO2.txt >>> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt >>> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.APR.txt >>> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO2.txt >>> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt >>> +++ >>> >>> I have build my own openssl so I think it is OK, any hints? >> >> The tests are set up for the HEAD of each of the branches. Often the >> default ciphers change which break some of the tests. What, exactly, did >> you test against? > > openssl-1.0.2e and tc-native-1.2.4 I have something like: > +++ > FAILED > SRP-RSA-AES-256-CBC-SHA+SSLv3 SRP-DSS-3DES-EDE-CBC-SHA+SSLv3 > SRP-AES-256-CBC-SHA+SSLv3 SRP-DSS-AES-128-CBC-SHA+SSLv3 > SRP-AES-128-CBC-SHA+SSLv3 SRP-3DES-EDE-CBC-SHA+SSLv3 > SRP-RSA-3DES-EDE-CBC-SHA+SSLv3 SRP-DSS-AES-256-CBC-SHA+SSLv3 > SRP-RSA-AES-128-CBC-SHA+SSLv3 expected:<0> but was:<9> > junit.framework.AssertionFailedError: SRP-RSA-AES-256-CBC-SHA+SSLv3 > SRP-DSS-3DES-EDE-CBC-SHA+SSLv3 SRP-AES-256-CBC-SHA+SSLv3 > SRP-DSS-AES-128-CBC-SHA+SSLv3 SRP-AES-128-CBC-SHA+SSLv3 > SRP-3DES-EDE-CBC-SHA+SSLv3 SRP-RSA-3DES-EDE-CBC-SHA+SSLv3 > SRP-DSS-AES-256-CBC-SHA+SSLv3 SRP-RSA-AES-128-CBC-SHA+SSLv3 > expected:<0> but was:<9> > at > org.apache.tomcat.util.net.openssl.ciphers.TestCipher.testOpenSSLCipherAvailability(TestCipher.java:98) > +++ > > That looks like something different in the openssl configuration, if > someone has an hint I can try to find the problem.
OpenSSL should have included the above 9 ciphers in the list of ciphers returned for the cipher string "ALL:eNULL:aNULL:aRSA" It looks those were all added in 1.0.1 so they should be available in 1.0.2. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org