[jira] [Commented] (HADOOP-16016) TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16740015#comment-16740015 ] Hudson commented on HADOOP-16016: - SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #15759 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/15759/]) HADOOP-16016. TestSSLFactory#testServerWeakCiphers fails on Java (aajisaka: rev d4ca907da636892e4ab98e232fe0f7f77f1f7aac) * (edit) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java > TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds > --- > > Key: HADOOP-16016 > URL: https://issues.apache.org/jira/browse/HADOOP-16016 > Project: Hadoop Common > Issue Type: Bug > Components: security, test > Environment: Java 1.8.0_191 or upper >Reporter: Jason Lowe >Assignee: Akira Ajisaka >Priority: Major > Fix For: 2.10.0, 3.3.0, 2.8.6, 3.2.1, 2.9.3, 3.1.3 > > Attachments: HADOOP-16016-002.patch, HADOOP-16016.01.patch, > HADOOP-16016.03.patch > > > I have seen a couple of precommit builds across JIRAs fail in > TestSSLFactory#testServerWeakCiphers with the error: > {noformat} > [ERROR] TestSSLFactory.testServerWeakCiphers:240 Expected to find 'no > cipher suites in common' but got unexpected > exception:javax.net.ssl.SSLHandshakeException: No appropriate protocol > (protocol is disabled or cipher suites are inappropriate) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16016) TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16739275#comment-16739275 ] Steve Loughran commented on HADOOP-16016: - Probably need to document this as an issue for users of older releases, backport to 2.9.x+ > TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds > --- > > Key: HADOOP-16016 > URL: https://issues.apache.org/jira/browse/HADOOP-16016 > Project: Hadoop Common > Issue Type: Bug > Components: security, test > Environment: Java 1.8.0_191 or upper >Reporter: Jason Lowe >Assignee: Akira Ajisaka >Priority: Major > Attachments: HADOOP-16016-002.patch, HADOOP-16016.01.patch, > HADOOP-16016.03.patch > > > I have seen a couple of precommit builds across JIRAs fail in > TestSSLFactory#testServerWeakCiphers with the error: > {noformat} > [ERROR] TestSSLFactory.testServerWeakCiphers:240 Expected to find 'no > cipher suites in common' but got unexpected > exception:javax.net.ssl.SSLHandshakeException: No appropriate protocol > (protocol is disabled or cipher suites are inappropriate) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16016) TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16738879#comment-16738879 ] Wei-Chiu Chuang commented on HADOOP-16016: -- +1 [~ajisakaa] thanks for figuring it out! I'm wondering if we should document it or attach a release note somewhere, since the error message is not obvious, and a user who upgrades JDK would suddenly be able to start DataNode because of this issue. > TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds > --- > > Key: HADOOP-16016 > URL: https://issues.apache.org/jira/browse/HADOOP-16016 > Project: Hadoop Common > Issue Type: Bug > Components: security, test > Environment: Java 1.8.0_191 or upper >Reporter: Jason Lowe >Assignee: Akira Ajisaka >Priority: Major > Attachments: HADOOP-16016-002.patch, HADOOP-16016.01.patch, > HADOOP-16016.03.patch > > > I have seen a couple of precommit builds across JIRAs fail in > TestSSLFactory#testServerWeakCiphers with the error: > {noformat} > [ERROR] TestSSLFactory.testServerWeakCiphers:240 Expected to find 'no > cipher suites in common' but got unexpected > exception:javax.net.ssl.SSLHandshakeException: No appropriate protocol > (protocol is disabled or cipher suites are inappropriate) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16016) TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16737705#comment-16737705 ] Akira Ajisaka commented on HADOOP-16016: Hi [~jojochuang], would you review the latest patch? > TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds > --- > > Key: HADOOP-16016 > URL: https://issues.apache.org/jira/browse/HADOOP-16016 > Project: Hadoop Common > Issue Type: Bug > Components: security, test > Environment: Java 1.8.0_191 or upper >Reporter: Jason Lowe >Assignee: Akira Ajisaka >Priority: Major > Attachments: HADOOP-16016-002.patch, HADOOP-16016.01.patch, > HADOOP-16016.03.patch > > > I have seen a couple of precommit builds across JIRAs fail in > TestSSLFactory#testServerWeakCiphers with the error: > {noformat} > [ERROR] TestSSLFactory.testServerWeakCiphers:240 Expected to find 'no > cipher suites in common' but got unexpected > exception:javax.net.ssl.SSLHandshakeException: No appropriate protocol > (protocol is disabled or cipher suites are inappropriate) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16016) TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16735460#comment-16735460 ] Hadoop QA commented on HADOOP-16016: | (/) *{color:green}+1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 20s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 1 new or modified test files. {color} | || || || || {color:brown} trunk Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 21m 19s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 17m 31s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 52s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 15s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 14m 33s{color} | {color:green} branch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 48s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 1s{color} | {color:green} trunk passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 59s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 17m 6s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 17m 6s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 55s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 12s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 12m 5s{color} | {color:green} patch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 58s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 4s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:green}+1{color} | {color:green} unit {color} | {color:green} 9m 11s{color} | {color:green} hadoop-common in the patch passed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 36s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black}103m 25s{color} | {color:black} {color} | \\ \\ || Subsystem || Report/Notes || | Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hadoop:8f97d6f | | JIRA Issue | HADOOP-16016 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12953916/HADOOP-16016.03.patch | | Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient findbugs checkstyle | | uname | Linux 0bfe2bc1dc6b 4.4.0-138-generic #164~14.04.1-Ubuntu SMP Fri Oct 5 08:56:16 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/patchprocess/precommit/personality/provided.sh | | git revision | trunk / 2c02aa6 | | maven | version: Apache Maven 3.3.9 | | Default Java | 1.8.0_191 | | findbugs | v3.1.0-RC1 | | Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/15732/testReport/ | | Max. process+thread count | 1766 (vs. ulimit of 1) | | modules | C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common | | Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/15732/console | | Powered by | Apache Yetus 0.8.0 http://yetus.apache.org | This message was automatically generated. > TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds > -
[jira] [Commented] (HADOOP-16016) TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16735402#comment-16735402 ] Akira Ajisaka commented on HADOOP-16016: 03 patch: Added a strong cipher suite to {{excludeCiphers}}. > TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds > --- > > Key: HADOOP-16016 > URL: https://issues.apache.org/jira/browse/HADOOP-16016 > Project: Hadoop Common > Issue Type: Bug > Components: security, test > Environment: Java 1.8.0_191 or upper >Reporter: Jason Lowe >Assignee: Akira Ajisaka >Priority: Major > Attachments: HADOOP-16016-002.patch, HADOOP-16016.01.patch, > HADOOP-16016.03.patch > > > I have seen a couple of precommit builds across JIRAs fail in > TestSSLFactory#testServerWeakCiphers with the error: > {noformat} > [ERROR] TestSSLFactory.testServerWeakCiphers:240 Expected to find 'no > cipher suites in common' but got unexpected > exception:javax.net.ssl.SSLHandshakeException: No appropriate protocol > (protocol is disabled or cipher suites are inappropriate) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16016) TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16735400#comment-16735400 ] Akira Ajisaka commented on HADOOP-16016: Thanks [~jojochuang] and [~Jack-Lee] for the comments. Removing the DES ciphers does not fix the test. This test fails because after JDK-8208350, all of the {{excludeCiphers}} are regarded as weak and there are no cipher suite which can pass the client-side verification. Adding a strong cipher suite to {{excludeCiphers}} fixes this test failure. > TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds > --- > > Key: HADOOP-16016 > URL: https://issues.apache.org/jira/browse/HADOOP-16016 > Project: Hadoop Common > Issue Type: Bug > Components: security, test > Environment: Java 1.8.0_191 or upper >Reporter: Jason Lowe >Assignee: Akira Ajisaka >Priority: Major > Attachments: HADOOP-16016-002.patch, HADOOP-16016.01.patch > > > I have seen a couple of precommit builds across JIRAs fail in > TestSSLFactory#testServerWeakCiphers with the error: > {noformat} > [ERROR] TestSSLFactory.testServerWeakCiphers:240 Expected to find 'no > cipher suites in common' but got unexpected > exception:javax.net.ssl.SSLHandshakeException: No appropriate protocol > (protocol is disabled or cipher suites are inappropriate) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16016) TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16732564#comment-16732564 ] lqjacklee commented on HADOOP-16016: I notice that the enabled cipher suits is 43, while after building the SSL , the supported cipher suits is 59. So I wonder whether it is just the reason you referred ? > TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds > --- > > Key: HADOOP-16016 > URL: https://issues.apache.org/jira/browse/HADOOP-16016 > Project: Hadoop Common > Issue Type: Bug > Components: security, test > Environment: Java 1.8.0_191 or upper >Reporter: Jason Lowe >Assignee: Akira Ajisaka >Priority: Major > Attachments: HADOOP-16016-002.patch, HADOOP-16016.01.patch > > > I have seen a couple of precommit builds across JIRAs fail in > TestSSLFactory#testServerWeakCiphers with the error: > {noformat} > [ERROR] TestSSLFactory.testServerWeakCiphers:240 Expected to find 'no > cipher suites in common' but got unexpected > exception:javax.net.ssl.SSLHandshakeException: No appropriate protocol > (protocol is disabled or cipher suites are inappropriate) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16016) TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16732527#comment-16732527 ] Wei-Chiu Chuang commented on HADOOP-16016: -- So... I wrote the original test actually. If it is caused by JDK-8208350 which disables DES ciphers, maybe we should just remove these ciphers from excludeCiphers string? SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA > TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds > --- > > Key: HADOOP-16016 > URL: https://issues.apache.org/jira/browse/HADOOP-16016 > Project: Hadoop Common > Issue Type: Bug > Components: security, test > Environment: Java 1.8.0_191 or upper >Reporter: Jason Lowe >Assignee: Akira Ajisaka >Priority: Major > Attachments: HADOOP-16016-002.patch, HADOOP-16016.01.patch > > > I have seen a couple of precommit builds across JIRAs fail in > TestSSLFactory#testServerWeakCiphers with the error: > {noformat} > [ERROR] TestSSLFactory.testServerWeakCiphers:240 Expected to find 'no > cipher suites in common' but got unexpected > exception:javax.net.ssl.SSLHandshakeException: No appropriate protocol > (protocol is disabled or cipher suites are inappropriate) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16016) TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16731186#comment-16731186 ] Hadoop QA commented on HADOOP-16016: | (/) *{color:green}+1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 11s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 1 new or modified test files. {color} | || || || || {color:brown} trunk Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 20m 27s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 14m 47s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 54s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 13s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 14m 11s{color} | {color:green} branch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 37s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 1s{color} | {color:green} trunk passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 48s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 14m 10s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 14m 10s{color} | {color:green} the patch passed {color} | | {color:orange}-0{color} | {color:orange} checkstyle {color} | {color:orange} 0m 53s{color} | {color:orange} hadoop-common-project/hadoop-common: The patch generated 25 new + 19 unchanged - 0 fixed = 44 total (was 19) {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 9s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 12m 2s{color} | {color:green} patch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 48s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 0s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:green}+1{color} | {color:green} unit {color} | {color:green} 8m 11s{color} | {color:green} hadoop-common in the patch passed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 38s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 94m 37s{color} | {color:black} {color} | \\ \\ || Subsystem || Report/Notes || | Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hadoop:8f97d6f | | JIRA Issue | HADOOP-16016 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12953361/HADOOP-16016-002.patch | | Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient findbugs checkstyle | | uname | Linux 7e4a7b804bad 4.4.0-134-generic #160~14.04.1-Ubuntu SMP Fri Aug 17 11:07:07 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/patchprocess/precommit/personality/provided.sh | | git revision | trunk / eee29ed | | maven | version: Apache Maven 3.3.9 | | Default Java | 1.8.0_191 | | findbugs | v3.1.0-RC1 | | checkstyle | https://builds.apache.org/job/PreCommit-HADOOP-Build/15714/artifact/out/diff-checkstyle-hadoop-common-project_hadoop-common.txt | | Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/15714/testReport/ | | Max. process+thread count | 1487 (vs. ulimit of 1) | | modules | C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common | | Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/15714/consol
[jira] [Commented] (HADOOP-16016) TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16731155#comment-16731155 ] lqjacklee commented on HADOOP-16016: Just ignore the exception is one solution. however the issue still be there, so I wonder you need change the enabled cipher suites. However there exist the security issue , we should just enable the ones (or all supported). I want to submit the patch for us to review and update the solution .thanks . {code:java} private SSLEngineResult wrap(SSLEngine engine, ByteBuffer from, ByteBuffer to) throws Exception { String[] supportedCipherSuites = engine.getSupportedCipherSuites(); engine.setEnabledCipherSuites(supportedCipherSuites); SSLEngineResult result = engine.wrap(from, to); runDelegatedTasks(result, engine); return result; } {code} > TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds > --- > > Key: HADOOP-16016 > URL: https://issues.apache.org/jira/browse/HADOOP-16016 > Project: Hadoop Common > Issue Type: Bug > Components: security, test > Environment: Java 1.8.0_191 or upper >Reporter: Jason Lowe >Assignee: Akira Ajisaka >Priority: Major > Attachments: HADOOP-16016-002.patch, HADOOP-16016.01.patch > > > I have seen a couple of precommit builds across JIRAs fail in > TestSSLFactory#testServerWeakCiphers with the error: > {noformat} > [ERROR] TestSSLFactory.testServerWeakCiphers:240 Expected to find 'no > cipher suites in common' but got unexpected > exception:javax.net.ssl.SSLHandshakeException: No appropriate protocol > (protocol is disabled or cipher suites are inappropriate) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16016) TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16730269#comment-16730269 ] Hadoop QA commented on HADOOP-16016: | (/) *{color:green}+1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 17s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 1 new or modified test files. {color} | || || || || {color:brown} trunk Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 20m 55s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 15m 32s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 51s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 15s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 14m 25s{color} | {color:green} branch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 51s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 1s{color} | {color:green} trunk passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 54s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 15m 38s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 15m 38s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 51s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 10s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 12m 1s{color} | {color:green} patch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 54s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 59s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:green}+1{color} | {color:green} unit {color} | {color:green} 8m 36s{color} | {color:green} hadoop-common in the patch passed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 42s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 98m 31s{color} | {color:black} {color} | \\ \\ || Subsystem || Report/Notes || | Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hadoop:8f97d6f | | JIRA Issue | HADOOP-16016 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12953204/HADOOP-16016.01.patch | | Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient findbugs checkstyle | | uname | Linux 63fb6e5d5c3d 4.4.0-134-generic #160~14.04.1-Ubuntu SMP Fri Aug 17 11:07:07 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/patchprocess/precommit/personality/provided.sh | | git revision | trunk / 128f340 | | maven | version: Apache Maven 3.3.9 | | Default Java | 1.8.0_181 | | findbugs | v3.1.0-RC1 | | Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/15704/testReport/ | | Max. process+thread count | 1502 (vs. ulimit of 1) | | modules | C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common | | Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/15704/console | | Powered by | Apache Yetus 0.8.0 http://yetus.apache.org | This message was automatically generated. > TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds >
[jira] [Commented] (HADOOP-16016) TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16730081#comment-16730081 ] Akira Ajisaka commented on HADOOP-16016: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8208350 disabled weak cipher suites, so the error message has changed. Now I'm thinking it is sufficient to check if SSLHandshakeException is thrown. > TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds > --- > > Key: HADOOP-16016 > URL: https://issues.apache.org/jira/browse/HADOOP-16016 > Project: Hadoop Common > Issue Type: Bug > Components: test >Affects Versions: 3.3.0 >Reporter: Jason Lowe >Priority: Major > > I have seen a couple of precommit builds across JIRAs fail in > TestSSLFactory#testServerWeakCiphers with the error: > {noformat} > [ERROR] TestSSLFactory.testServerWeakCiphers:240 Expected to find 'no > cipher suites in common' but got unexpected > exception:javax.net.ssl.SSLHandshakeException: No appropriate protocol > (protocol is disabled or cipher suites are inappropriate) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16016) TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16730079#comment-16730079 ] Akira Ajisaka commented on HADOOP-16016: The test passed in Java 8u181 and failed in Java 8u191. I suppose there is some changes between the versions. > TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds > --- > > Key: HADOOP-16016 > URL: https://issues.apache.org/jira/browse/HADOOP-16016 > Project: Hadoop Common > Issue Type: Bug > Components: test >Affects Versions: 3.3.0 >Reporter: Jason Lowe >Priority: Major > > I have seen a couple of precommit builds across JIRAs fail in > TestSSLFactory#testServerWeakCiphers with the error: > {noformat} > [ERROR] TestSSLFactory.testServerWeakCiphers:240 Expected to find 'no > cipher suites in common' but got unexpected > exception:javax.net.ssl.SSLHandshakeException: No appropriate protocol > (protocol is disabled or cipher suites are inappropriate) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16016) TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds
[ https://issues.apache.org/jira/browse/HADOOP-16016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16725148#comment-16725148 ] Jason Lowe commented on HADOOP-16016: - Full stack trace: {noformat} [ERROR] testServerWeakCiphers(org.apache.hadoop.security.ssl.TestSSLFactory) Time elapsed: 0.079 s <<< FAILURE! java.lang.AssertionError: Expected to find 'no cipher suites in common' but got unexpected exception:javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) at sun.security.ssl.Handshaker.activate(Handshaker.java:509) at sun.security.ssl.SSLEngineImpl.kickstartHandshake(SSLEngineImpl.java:714) at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1212) at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1165) at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) at org.apache.hadoop.security.ssl.TestSSLFactory.wrap(TestSSLFactory.java:246) at org.apache.hadoop.security.ssl.TestSSLFactory.testServerWeakCiphers(TestSSLFactory.java:220) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26) at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50) at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236) at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229) at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26) at org.junit.runners.ParentRunner.run(ParentRunner.java:309) at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:365) at org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:273) at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:238) at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:159) at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:384) at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:345) at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:126) at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:418) at org.apache.hadoop.security.ssl.TestSSLFactory.testServerWeakCiphers(TestSSLFactory.java:240) Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) at org.apache.hadoop.security.ssl.TestSSLFactory.wrap(TestSSLFactory.java:246) at org.apache.hadoop.security.ssl.TestSSLFactory.testServerWeakCiphers(TestSSLFactory.java:220) {noformat} Looks like maybe the exception message changed in the Java libraries? Test is looking for "no cipher suites in common" but the exception message is "No appropriate protocol" instead. > TestSSLFactory#testServerWeakCiphers sporadically fails in precommit builds > --- > > Key: HADOOP-16016 > URL: https://issues.apache.org/jira/browse/HADOOP-16016 > Project: Hadoop Common > Issue Type: Bug > Components: test >Affects Versions: 3.3.0 >Reporter: Jason Lowe >Priority: Major > > I have seen a couple of precommit builds across JIRAs fail in > TestSSLFactory#testServerWeakCiphers with the error: > {noformat} > [ERROR] TestSSLFactory.testServerWeakCiphers:240 Expected to find 'no > cipher suites in common' but got unexpected > exception:javax.net.ssl.SS