[
https://issues.apache.org/jira/browse/HADOOP-13874?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15795116#comment-15795116
]
Wei-Chiu Chuang commented on HADOOP-13874:
------------------------------------------
Hi [~jzhuge] is this test failure reproducible?
Looking at test code, I am pretty sure it's a test code issue.
> TestSSLHttpServer failures
> --------------------------
>
> Key: HADOOP-13874
> URL: https://issues.apache.org/jira/browse/HADOOP-13874
> Project: Hadoop Common
> Issue Type: Bug
> Components: security, test
> Affects Versions: 3.0.0-alpha2
> Reporter: John Zhuge
> Assignee: John Zhuge
> Priority: Critical
>
> All exceptions look like "Cannot support ... with currently installed
> providers". I am running Centos 7.2.1511 and native enabled.
> {noformat}
> Tests run: 5, Failures: 0, Errors: 3, Skipped: 0, Time elapsed: 1.593 sec <<<
> FAILURE! - in org.apache.hadoop.http.TestSSLHttpServer
> testExclusiveEnabledCiphers(org.apache.hadoop.http.TestSSLHttpServer) Time
> elapsed: 0.012 sec <<< ERROR!
> java.lang.IllegalArgumentException: Cannot support
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA with currently installed providers
> at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
> at
> sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2461)
> at
> org.apache.hadoop.http.TestSSLHttpServer$PrefferedCipherSSLSocketFactory.createSocket(TestSSLHttpServer.java:269)
> at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:436)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
> at
> org.apache.hadoop.http.TestSSLHttpServer.testExclusiveEnabledCiphers(TestSSLHttpServer.java:227)
> testOneEnabledCiphers(org.apache.hadoop.http.TestSSLHttpServer) Time
> elapsed: 0.004 sec <<< ERROR!
> java.lang.IllegalArgumentException: Cannot support
> TLS_ECDHE_RSA_WITH_RC4_128_SHA with currently installed providers
> at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
> at
> sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2461)
> at
> org.apache.hadoop.http.TestSSLHttpServer$PrefferedCipherSSLSocketFactory.createSocket(TestSSLHttpServer.java:269)
> at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:436)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
> at
> org.apache.hadoop.http.TestSSLHttpServer.testOneEnabledCiphers(TestSSLHttpServer.java:200)
> testExcludedCiphers(org.apache.hadoop.http.TestSSLHttpServer) Time elapsed:
> 0.015 sec <<< ERROR!
> java.lang.IllegalArgumentException: Cannot support
> TLS_ECDHE_RSA_WITH_RC4_128_SHA with currently installed providers
> at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
> at
> sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2461)
> at
> org.apache.hadoop.http.TestSSLHttpServer$PrefferedCipherSSLSocketFactory.createSocket(TestSSLHttpServer.java:269)
> at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:436)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
> at
> org.apache.hadoop.http.TestSSLHttpServer.testExcludedCiphers(TestSSLHttpServer.java:176)
> {noformat}
> My source tree sync'd to:
> {noformat}
> 9ef89ed HDFS-11140. Directory Scanner should log startup message time
> correctly. Contributed by Yiqun Lin.
> {noformat}
> My SSL environment:
> {noformat}
> $ curl -sS https://www.howsmyssl.com/a/check | python -m json.tool
> {
> "able_to_detect_n_minus_one_splitting": false,
> "beast_vuln": false,
> "ephemeral_keys_supported": true,
> "given_cipher_suites": [
> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
> "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
> "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
> "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
> "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
> "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
> "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
> "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
> "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
> "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
> "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
> "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
> "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
> "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
> "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
> "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
> "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
> "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
> "TLS_RSA_WITH_AES_256_GCM_SHA384",
> "TLS_RSA_WITH_AES_256_CBC_SHA",
> "TLS_RSA_WITH_AES_256_CBC_SHA256",
> "TLS_RSA_WITH_AES_128_GCM_SHA256",
> "TLS_RSA_WITH_AES_128_CBC_SHA",
> "TLS_RSA_WITH_AES_128_CBC_SHA256",
> "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
> "TLS_RSA_WITH_RC4_128_SHA",
> "TLS_RSA_WITH_RC4_128_MD5"
> ],
> "insecure_cipher_suites": {
> "TLS_RSA_WITH_RC4_128_MD5": [
> "uses RC4 which has insecure biases in its output"
> ],
> "TLS_RSA_WITH_RC4_128_SHA": [
> "uses RC4 which has insecure biases in its output"
> ]
> },
> "rating": "Bad",
> "session_ticket_supported": false,
> "tls_compression_supported": false,
> "tls_version": "TLS 1.2",
> "unknown_cipher_suite_supported": false
> }
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
