lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cao Manh Dat (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SOLR-12988) Avoid using TLSv1.3 for HttpClient
Date Tue, 18 Jun 2019 10:34:00 GMT

     [ https://issues.apache.org/jira/browse/SOLR-12988?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Cao Manh Dat updated SOLR-12988:
--------------------------------
    Description: 
HTTPCLIENT-1967 indicates that HttpClient can't be used properly with TLSv1.3. It caused some
test failures below, therefore we should enforce HttpClient to uses TLSv1.2 or lower versions.

TestMiniSolrCloudClusterSSL.testSslWithCheckPeerName seems to fail 100% of the time when run
with java11 (or java12), regardless of seed, on both master & 7x.

The nature of the problem and the way our htp stack works suggests it *may* ultimately be
a jetty bug (perhaps related to [jetty issue#2711|https://github.com/eclipse/jetty.project/issues/2711]?)

*HOWEVER* ... as far as i can tell, whatever the root cause is, seems to have been fixed on
the {{jira/http2}} branch (as of 52bc163dc1804c31af09c1fba99647005da415ad) which should hopefully
be getting merged to master soon.

Filing this issue largely for tracking purpose, although we may also want to use it for discussions/considerations
of other backports/fixes to 7x

  was:
HTTPCLIENT-1967 indicates that HttpClient can't be used properly with TLSv1.3. It caused some
test failures below, we should enforce HttpClient to uses TLSv1.2 

TestMiniSolrCloudClusterSSL.testSslWithCheckPeerName seems to fail 100% of the time when run
with java11 (or java12), regardless of seed, on both master & 7x.

The nature of the problem and the way our htp stack works suggests it *may* ultimately be
a jetty bug (perhaps related to [jetty issue#2711|https://github.com/eclipse/jetty.project/issues/2711]?)

*HOWEVER* ... as far as i can tell, whatever the root cause is, seems to have been fixed on
the {{jira/http2}} branch (as of 52bc163dc1804c31af09c1fba99647005da415ad) which should hopefully
be getting merged to master soon.

Filing this issue largely for tracking purpose, although we may also want to use it for discussions/considerations
of other backports/fixes to 7x


> Avoid using TLSv1.3 for HttpClient
> ----------------------------------
>
>                 Key: SOLR-12988
>                 URL: https://issues.apache.org/jira/browse/SOLR-12988
>             Project: Solr
>          Issue Type: Test
>            Reporter: Hoss Man
>            Assignee: Cao Manh Dat
>            Priority: Major
>              Labels: Java11, Java12
>         Attachments: SOLR-13413.patch
>
>
> HTTPCLIENT-1967 indicates that HttpClient can't be used properly with TLSv1.3. It caused
some test failures below, therefore we should enforce HttpClient to uses TLSv1.2 or lower
versions.
> TestMiniSolrCloudClusterSSL.testSslWithCheckPeerName seems to fail 100% of the time when
run with java11 (or java12), regardless of seed, on both master & 7x.
> The nature of the problem and the way our htp stack works suggests it *may* ultimately
be a jetty bug (perhaps related to [jetty issue#2711|https://github.com/eclipse/jetty.project/issues/2711]?)
> *HOWEVER* ... as far as i can tell, whatever the root cause is, seems to have been fixed
on the {{jira/http2}} branch (as of 52bc163dc1804c31af09c1fba99647005da415ad) which should
hopefully be getting merged to master soon.
> Filing this issue largely for tracking purpose, although we may also want to use it for
discussions/considerations of other backports/fixes to 7x



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message