[jira] [Commented] (DERBY-6778) SSL tests are failing on 10.8 codeline with IBM jdk 1.4.2 after poodle security backport

Tue, 09 Dec 2014 23:54:27 -0800 

    [ 
https://issues.apache.org/jira/browse/DERBY-6778?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14240777#comment-14240777
 ] 

Mamta A. Satoor commented on DERBY-6778:
----------------------------------------

I have been debugging the failures as found at
http://people.apache.org/~myrnavl/derby_test_results/v10_8/windows/testlog/ibm142/1643050-suites.All_diff.txt
 and
http://people.apache.org/~myrnavl/derby_test_results/v10_8/linux/testlog/ibm142/1643044-suites.All_diff.txt

The issue is very specific to IBM Jdk 1.4.2 and does not happen with other 
higher jdks. The problem can be reproduced by starting the Network Server on 
10.8 codeline with IBM jdk 1.4.2 and pinging that server will result in 
handshake failure. 
eg
1)Start the server
java -Djavax.net.ssl.keyStore=SSLTestServerKey.key 
-Djavax.net.ssl.keyStorePassword=qwerty 
org.apache.derby.drda.NetworkServerControl  -p 1529 start -ssl basic &
2)ping the server
java -Djavax.net.ssl.keyStore=SSLTestServerKey.key 
-Djavax.net.ssl.keyStorePassword=qwerty 
org.apache.derby.drda.NetworkServerControl -p 1529 ping -ssl basic 

Note that I have SSLTestServerKey.key  in my directory in order to user SSL 
basic configuration.

I tried the same experiment with Derby 10.8 network server with IBM jdk1.4.2 
but the ping coming from a higher jdk and it gave little more useful 
information about server trying to use the disabled SSLv3 server and thus 
causing the handshake between client and server to fail.

In order to resolve this issue specific with IBM jdk1.4.2, I am working on 10.8 
codeline to disable the poodle security fix in 10.8 codeline just for IBM 
jdk1.4.2. Hopefully since Jdk 1.4.2 is so old, there are no many people still 
using it and hence they will not risk into poodle security.

After the tests have run successfully on jdk1.4.2 and higher jdk with my 
changes, I will commit it. I will post the patch for review tomorrow.

> SSL tests are failing on 10.8 codeline with IBM jdk 1.4.2 after poodle 
> security backport
> ----------------------------------------------------------------------------------------
>
>                 Key: DERBY-6778
>                 URL: https://issues.apache.org/jira/browse/DERBY-6778
>             Project: Derby
>          Issue Type: Bug
>          Components: Test
>    Affects Versions: 10.8.3.3
>            Reporter: Mamta A. Satoor
>            Assignee: Mamta A. Satoor
>
> DERBY-6764(analyze impact of poodle security alert on Derby client - server 
> ssl support) was fixed in 10.12 codeline. The backport of the fix to 
> 10.8(other codelines do not have this issue) has caused SSL related tests to 
> fail on 10.8 codeline with IBM jdk 1.4.2. This jira is created to provide a 
> fix on 10.8 codeline for IBM jdk 1.4.2



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to