db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mamta A. Satoor (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6778) SSL tests are failing on 10.8 codeline with IBM jdk 1.4.2 after poodle security backport
Date Wed, 10 Dec 2014 07:54:12 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6778?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14240777#comment-14240777
] 

Mamta A. Satoor commented on DERBY-6778:
----------------------------------------

I have been debugging the failures as found at
http://people.apache.org/~myrnavl/derby_test_results/v10_8/windows/testlog/ibm142/1643050-suites.All_diff.txt
 and
http://people.apache.org/~myrnavl/derby_test_results/v10_8/linux/testlog/ibm142/1643044-suites.All_diff.txt

The issue is very specific to IBM Jdk 1.4.2 and does not happen with other higher jdks. The
problem can be reproduced by starting the Network Server on 10.8 codeline with IBM jdk 1.4.2
and pinging that server will result in handshake failure. 
eg
1)Start the server
java -Djavax.net.ssl.keyStore=SSLTestServerKey.key -Djavax.net.ssl.keyStorePassword=qwerty
org.apache.derby.drda.NetworkServerControl  -p 1529 start -ssl basic &
2)ping the server
java -Djavax.net.ssl.keyStore=SSLTestServerKey.key -Djavax.net.ssl.keyStorePassword=qwerty
org.apache.derby.drda.NetworkServerControl -p 1529 ping -ssl basic 

Note that I have SSLTestServerKey.key  in my directory in order to user SSL basic configuration.

I tried the same experiment with Derby 10.8 network server with IBM jdk1.4.2 but the ping
coming from a higher jdk and it gave little more useful information about server trying to
use the disabled SSLv3 server and thus causing the handshake between client and server to
fail.

In order to resolve this issue specific with IBM jdk1.4.2, I am working on 10.8 codeline to
disable the poodle security fix in 10.8 codeline just for IBM jdk1.4.2. Hopefully since Jdk
1.4.2 is so old, there are no many people still using it and hence they will not risk into
poodle security.

After the tests have run successfully on jdk1.4.2 and higher jdk with my changes, I will commit
it. I will post the patch for review tomorrow.

> SSL tests are failing on 10.8 codeline with IBM jdk 1.4.2 after poodle security backport
> ----------------------------------------------------------------------------------------
>
>                 Key: DERBY-6778
>                 URL: https://issues.apache.org/jira/browse/DERBY-6778
>             Project: Derby
>          Issue Type: Bug
>          Components: Test
>    Affects Versions: 10.8.3.3
>            Reporter: Mamta A. Satoor
>            Assignee: Mamta A. Satoor
>
> DERBY-6764(analyze impact of poodle security alert on Derby client - server ssl support)
was fixed in 10.12 codeline. The backport of the fix to 10.8(other codelines do not have this
issue) has caused SSL related tests to fail on 10.8 codeline with IBM jdk 1.4.2. This jira
is created to provide a fix on 10.8 codeline for IBM jdk 1.4.2



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message