directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: [ApacheDS] Test failures with latest JDK
Date Mon, 22 Feb 2016 09:54:47 GMT
Le 22/02/16 10:29, Kiran Ayyagari a écrit :
> On Mon, Feb 22, 2016 at 2:44 PM, Stefan Seelmann <mail@stefan-seelmann.de>
> wrote:
>
>> Hi,
>>
>> after update to latest JDK (1.8.0_74, 1.7.0_95) some tests in
>> server-integ fail. I think the cause is that since 1.8.0_71 MD5 is
>> disabled[1].
>>
>> I think we just need to change the algorithms used when generating the
>> certificates, but I don't find the place in the code where that can be
>> done. Any pointers?
>>
> the only class which we use for generating the default certificate is
> TlsKeyGenerator.java
> but I think we must upgrade to a new version of bouncycastle cause
> certificate is
> generated using this library.

We can't really, unless we fix a pb in Studio.

Colm tried to upgrade bcprov to the latest version, and it makes the
studio build to fail.

Otherwise, I would *strongly* suggest we deprecated MD5. It's broken, it
has been deprecated by Oracle, and should be deprecated everywhere,
final : " The CMU Software Engineering Institute
<https://en.wikipedia.org/wiki/CMU_Software_Engineering_Institute>
considers MD5 essentially "cryptographically broken and unsuitable for
further use"."

Those using MD5 have to switch to something that is solid, or move to
plain text instead. All in all, it's pretty much the same thing...

Mime
View raw message