hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Zhuge (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HADOOP-13874) TestSSLHttpServer failures
Date Tue, 03 Jan 2017 17:52:58 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-13874?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

John Zhuge resolved HADOOP-13874.
---------------------------------
    Resolution: Cannot Reproduce

Can't reproduce it, even at the same commit.

> TestSSLHttpServer failures
> --------------------------
>
>                 Key: HADOOP-13874
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13874
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security, test
>    Affects Versions: 3.0.0-alpha2
>            Reporter: John Zhuge
>            Assignee: John Zhuge
>            Priority: Critical
>
> All exceptions look like "Cannot support ... with currently installed providers". I am
running Centos 7.2.1511 and native enabled.
> {noformat}
> Tests run: 5, Failures: 0, Errors: 3, Skipped: 0, Time elapsed: 1.593 sec <<<
FAILURE! - in org.apache.hadoop.http.TestSSLHttpServer
> testExclusiveEnabledCiphers(org.apache.hadoop.http.TestSSLHttpServer)  Time elapsed:
0.012 sec  <<< ERROR!
> java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
with currently installed providers
>         at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
>         at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2461)
>         at org.apache.hadoop.http.TestSSLHttpServer$PrefferedCipherSSLSocketFactory.createSocket(TestSSLHttpServer.java:269)
>         at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:436)
>         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>         at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
>         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
>         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
>         at org.apache.hadoop.http.TestSSLHttpServer.testExclusiveEnabledCiphers(TestSSLHttpServer.java:227)
> testOneEnabledCiphers(org.apache.hadoop.http.TestSSLHttpServer)  Time elapsed: 0.004
sec  <<< ERROR!
> java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_RSA_WITH_RC4_128_SHA with
currently installed providers
>         at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
>         at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2461)
>         at org.apache.hadoop.http.TestSSLHttpServer$PrefferedCipherSSLSocketFactory.createSocket(TestSSLHttpServer.java:269)
>         at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:436)
>         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>         at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
>         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
>         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
>         at org.apache.hadoop.http.TestSSLHttpServer.testOneEnabledCiphers(TestSSLHttpServer.java:200)
> testExcludedCiphers(org.apache.hadoop.http.TestSSLHttpServer)  Time elapsed: 0.015 sec
 <<< ERROR!
> java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_RSA_WITH_RC4_128_SHA with
currently installed providers
>         at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
>         at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2461)
>         at org.apache.hadoop.http.TestSSLHttpServer$PrefferedCipherSSLSocketFactory.createSocket(TestSSLHttpServer.java:269)
>         at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:436)
>         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>         at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
>         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
>         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
>         at org.apache.hadoop.http.TestSSLHttpServer.testExcludedCiphers(TestSSLHttpServer.java:176)
> {noformat}
> My source tree sync'd to:
> {noformat}
> 9ef89ed HDFS-11140. Directory Scanner should log startup message time correctly. Contributed
by Yiqun Lin.
> {noformat}
> My SSL environment:
> {noformat}
> $ curl -sS https://www.howsmyssl.com/a/check | python -m json.tool
> {
>     "able_to_detect_n_minus_one_splitting": false,
>     "beast_vuln": false,
>     "ephemeral_keys_supported": true,
>     "given_cipher_suites": [
>         "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
>         "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
>         "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
>         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
>         "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
>         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
>         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
>         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
>         "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
>         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
>         "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
>         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
>         "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
>         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
>         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
>         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
>         "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
>         "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
>         "TLS_RSA_WITH_AES_256_GCM_SHA384",
>         "TLS_RSA_WITH_AES_256_CBC_SHA",
>         "TLS_RSA_WITH_AES_256_CBC_SHA256",
>         "TLS_RSA_WITH_AES_128_GCM_SHA256",
>         "TLS_RSA_WITH_AES_128_CBC_SHA",
>         "TLS_RSA_WITH_AES_128_CBC_SHA256",
>         "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
>         "TLS_RSA_WITH_RC4_128_SHA",
>         "TLS_RSA_WITH_RC4_128_MD5"
>     ],
>     "insecure_cipher_suites": {
>         "TLS_RSA_WITH_RC4_128_MD5": [
>             "uses RC4 which has insecure biases in its output"
>         ],
>         "TLS_RSA_WITH_RC4_128_SHA": [
>             "uses RC4 which has insecure biases in its output"
>         ]
>     },
>     "rating": "Bad",
>     "session_ticket_supported": false,
>     "tls_compression_supported": false,
>     "tls_version": "TLS 1.2",
>     "unknown_cipher_suite_supported": false
> }
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message