This is an automated email from the ASF dual-hosted git repository.
fanningpj pushed a commit to branch 1.5.x
in repository https://gitbox.apache.org/repos/asf/pekko.git
The following commit(s) were added to refs/heads/1.5.x by this push:
new a497179830 backport TlsSpec from main branch to fix the CI build
(#2678)
a497179830 is described below
commit a497179830a462f761fbc7568538c3e0d2e39318
Author: PJ Fanning <[email protected]>
AuthorDate: Thu Feb 26 09:54:17 2026 +0100
backport TlsSpec from main branch to fix the CI build (#2678)
* backport TlsSpec from main branch
* remove broken SessionRenegotiationFirstOne
---
.../apache/pekko/stream/io/DeprecatedTlsSpec.scala | 22 +++---------
.../scala/org/apache/pekko/stream/io/TlsSpec.scala | 39 +++++++++-------------
2 files changed, 20 insertions(+), 41 deletions(-)
diff --git
a/stream-tests/src/test/scala/org/apache/pekko/stream/io/DeprecatedTlsSpec.scala
b/stream-tests/src/test/scala/org/apache/pekko/stream/io/DeprecatedTlsSpec.scala
index 828d371c2a..8868c4a072 100644
---
a/stream-tests/src/test/scala/org/apache/pekko/stream/io/DeprecatedTlsSpec.scala
+++
b/stream-tests/src/test/scala/org/apache/pekko/stream/io/DeprecatedTlsSpec.scala
@@ -345,30 +345,16 @@ class DeprecatedTlsSpec extends
StreamSpec(DeprecatedTlsSpec.configOverrides) wi
}
}
- object SessionRenegotiationFirstOne extends PayloadScenario {
- override def flow = logCipherSuite
- def inputs =
NegotiateNewSession.withCipherSuites("TLS_RSA_WITH_AES_128_CBC_SHA") ::
send("hello") :: Nil
- def output = ByteString("TLS_RSA_WITH_AES_128_CBC_SHAhello")
- }
-
object SessionRenegotiationFirstTwo extends PayloadScenario {
override def flow = logCipherSuite
def inputs =
NegotiateNewSession.withCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA") ::
send("hello") :: Nil
def output = ByteString("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHAhello")
}
- val renegotiationScenarios = if (JavaVersion.majorVersion <= 21)
- Seq(
- SessionRenegotiationBySender,
- SessionRenegotiationByReceiver,
- SessionRenegotiationFirstOne,
- SessionRenegotiationFirstTwo)
- else
- // skip SessionRenegotiationFirstOne as it uses a weak cipher suite and
the test will fail
- Seq(
- SessionRenegotiationBySender,
- SessionRenegotiationByReceiver,
- SessionRenegotiationFirstTwo)
+ val renegotiationScenarios = Seq(
+ SessionRenegotiationBySender,
+ SessionRenegotiationByReceiver,
+ SessionRenegotiationFirstTwo)
val scenarios =
Seq(
diff --git
a/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala
b/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala
index 1e47f4d198..def7d4eee9 100644
--- a/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala
+++ b/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala
@@ -42,7 +42,11 @@ object TlsSpec {
val rnd = new Random
- val TLS12Ciphers: Set[String] = Set("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA")
+ // Use forward-secrecy enabled cipher suites that are supported in Java 17+
+ // TLS_RSA_* cipher suites have been disabled by default in Java 17+
+ val TLS12Ciphers: Set[String] = Set(
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
val TLS13Ciphers: Set[String] = Set("TLS_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384")
def initWithTrust(trustPath: String, protocol: String): SSLContext = {
@@ -378,31 +382,20 @@ class TlsSpec extends StreamSpec(TlsSpec.configOverrides)
with WithLogCapturing
}
}
- object SessionRenegotiationFirstOne extends PayloadScenario {
- override def flow = logCipherSuite
- def inputs =
NegotiateNewSession.withCipherSuites("TLS_RSA_WITH_AES_128_CBC_SHA") ::
send("hello") :: Nil
- def output = ByteString("TLS_RSA_WITH_AES_128_CBC_SHAhello")
- }
-
object SessionRenegotiationFirstTwo extends PayloadScenario {
override def flow = logCipherSuite
- def inputs =
NegotiateNewSession.withCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA") ::
send("hello") :: Nil
- def output = ByteString("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHAhello")
+ def inputs =
NegotiateNewSession.withCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")
:: send("hello") ::
+ Nil
+ def output = ByteString("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256hello")
}
val renegotiationScenarios = if (protocol == "TLSv1.2") {
- if (JavaVersion.majorVersion <= 21)
- Seq(
- SessionRenegotiationBySender,
- SessionRenegotiationByReceiver,
- SessionRenegotiationFirstOne,
- SessionRenegotiationFirstTwo)
- else
- // skip SessionRenegotiationFirstOne as it uses a weak cipher suite
and the test will fail
- Seq(
- SessionRenegotiationBySender,
- SessionRenegotiationByReceiver,
- SessionRenegotiationFirstTwo)
+ // skip SessionRenegotiationFirstOne as it uses
TLS_RSA_WITH_AES_128_CBC_SHA
+ // which is a weak cipher suite that is disabled by default in Java 17+
+ Seq(
+ SessionRenegotiationBySender,
+ SessionRenegotiationByReceiver,
+ SessionRenegotiationFirstTwo)
} else
// TLSv1.3 doesn't support renegotiation
Nil
@@ -448,11 +441,11 @@ class TlsSpec extends StreamSpec(TlsSpec.configOverrides)
with WithLogCapturing
.collect { case SessionBytes(_, b) => b }
.scan(ByteString.empty)(_ ++ _)
.filter(_.nonEmpty)
- .via(new Timeout(10.seconds))
+ .via(new Timeout(15.seconds))
.dropWhile(_.size < scenario.output.size)
.runWith(Sink.headOption)
- Await.result(output,
12.seconds).getOrElse(ByteString.empty).utf8String should
be(scenario.output.utf8String)
+ Await.result(output,
17.seconds).getOrElse(ByteString.empty).utf8String should
be(scenario.output.utf8String)
commPattern.cleanup()
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
