Peter Heuchert created SPARK-34073:
--------------------------------------
Summary: cipher problem with IBM JDK
Key: SPARK-34073
URL: https://issues.apache.org/jira/browse/SPARK-34073
Project: Spark
Issue Type: Bug
Components: Spark Core
Affects Versions: 3.0.1
Environment: Red Hat Enterprise Linux Server release 7.9 (Maipo)
java-1.8.0-ibm-1.8.0.6.10-1jpp.1.el7.x86_64
also tested with AIX 7.1 TL 5 and Java8_64.jre (8.0.0.616)
Reporter: Peter Heuchert
We get following error message in log:
{noformat}
21/01/11 11:37:00 INFO Master: Running Spark version 3.0.1
21/01/11 11:37:02 WARN SslContextFactory: No supported ciphers from
[SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_RSA_WITH_AES_256_CBC_SHA256,
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384,
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_DHE_DSS_WITH_AES_256_CBC_SHA256,
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA,
SSL_RSA_WITH_AES_256_CBC_SHA, SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_AES_256_CBC_SHA,
SSL_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_RSA_WITH_AES_128_CBC_SHA256,
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256,
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_AES_128_CBC_SHA, SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA,
SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
SSL_RSA_WITH_AES_256_GCM_SHA384, SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384, SSL_DHE_DSS_WITH_AES_256_GCM_SHA384,
SSL_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
SSL_RSA_WITH_AES_128_GCM_SHA256, SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256, SSL_DHE_RSA_WITH_AES_128_GCM_SHA256,
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256]{noformat}
and can not connect to the encrypted UI port and so on. Searching for this
error I found the information that [jetty blocks all ciphers starting with
SSL_|https://github.com/eclipse/jetty.project/issues/3817]. Unfortunately does
the IBM JDK we are using, name all ciphers with SSL_* instead of TLS_* for the
newer one.
I was looking for the strings reported in the issue and found them in
spark-core_2.12-3.0.1.jar, file
org/sparkproject/jetty/util/ssl/SslContextFactory.class:
{code:java}
^.*_(MD5|SHA|SHA1)$
^TLS_RSA_.*$
^SSL_.*$
^.*_NULL_.*$
^.*_anon_.*${code}
I could not find the source to check if I can take influence with the
configuration on these definition.
Does my analysis makes sense? And would it be possible to add a configuration
to not exclude the SSL_* ciphers, just for JDKs that define different naming
schemes?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
