[ 
https://issues.apache.org/jira/browse/ATLAS-349?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15152143#comment-15152143
 ] 

ATLAS QA commented on ATLAS-349:
--------------------------------

-1 overall.  Here are the results of testing the latest attachment
  http://issues.apache.org/jira/secure/attachment/12788410/ATLAS-349-v1.patch
  against master revision a2cc01c.

    +1 @author.  The patch does not contain any @author tags.

    -1 tests included.  The patch doesn't appear to include any new or modified tests.
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 javadoc.  There were no new javadoc warning messages.

    +1 checkstyle.  The patch generated 0 code style errors.

    -1 findbugs.  The patch appears to introduce 334 new Findbugs (version 2.0.3) warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    -1 core tests.  The patch failed these unit tests in :
 
./webapp/test-output/junitreports/TEST-org.apache.atlas.web.resources.EntityJerseyResourceIT
./webapp/test-output/junitreports/TEST-org.apache.atlas.web.resources.MetadataDiscoveryJerseyResourceIT
./webapp/test-output/junitreports/TEST-org.apache.atlas.web.resources.RexsterGraphJerseyResourceIT
./webapp/test-output/junitreports/TEST-org.apache.atlas.web.resources.AdminJerseyResourceIT
./webapp/test-output/junitreports/TEST-org.apache.atlas.web.resources.TypesJerseyResourceIT

Test results: 
https://builds.apache.org/job/PreCommit-ATLAS-Build/20//testReport/
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-ATLAS-Build/20//artifact/patchprocess/newPatchFindbugsWarningsnotification.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-ATLAS-Build/20//artifact/patchprocess/newPatchFindbugsWarningscommon.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-ATLAS-Build/20//artifact/patchprocess/newPatchFindbugsWarningsclient.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-ATLAS-Build/20//artifact/patchprocess/newPatchFindbugsWarningstitan.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-ATLAS-Build/20//artifact/patchprocess/newPatchFindbugsWarningstypesystem.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-ATLAS-Build/20//artifact/patchprocess/newPatchFindbugsWarningsrepository.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-ATLAS-Build/20//artifact/patchprocess/newPatchFindbugsWarningswebapp.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-ATLAS-Build/20//artifact/patchprocess/newPatchFindbugsWarningsfalcon-bridge.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-ATLAS-Build/20//artifact/patchprocess/newPatchFindbugsWarningshive-bridge.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-ATLAS-Build/20//artifact/patchprocess/newPatchFindbugsWarningsstorm-bridge.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-ATLAS-Build/20//artifact/patchprocess/newPatchFindbugsWarningssqoop-bridge.html
Console output: https://builds.apache.org/job/PreCommit-ATLAS-Build/20//console

This message is automatically generated.

> SSL - Atlas SSL connection has weak/unsafe Ciphers suites
> ---------------------------------------------------------
>
>                 Key: ATLAS-349
>                 URL: https://issues.apache.org/jira/browse/ATLAS-349
>             Project: Atlas
>          Issue Type: Bug
>    Affects Versions: 0.6-incubating
>            Reporter: Naima Djouhri
>            Assignee: Naima Djouhri
>             Fix For: trunk
>
>         Attachments: ATLAS-349-V0.patch, ATLAS-349-v1.patch
>
>
> After establishing an Atlas SSL, I wanted to see the Cipher suites of the 
> Atlas server.
> Run the following 
> nmap -Pn --script ssl-cert,ssl-enum-ciphers -p 21443 localhost
> Got the following results
> ssl-enum-ciphers:
>    TLSv1.0:
>      ciphers:
>        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - E
>        TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - C
>        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp160k1) - E
>        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp160k1) - C
>        TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp160k1) - C
>        TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 512) - E
>        TLS_RSA_WITH_AES_128_CBC_SHA (rsa 512) - C
>        TLS_RSA_WITH_RC4_128_MD5 (rsa 512) - C
>        TLS_RSA_WITH_RC4_128_SHA (rsa 512) - C
>      compressors:
>        NULL
>      cipher preference: client
>      warnings:
>        Ciphersuite uses MD5 for message integrity
>        Weak certificate signature: SHA1
> _  least strength: E
> MAC Address: 00:00:00:41:47:4E (Xerox)
> Nmap done: 1 IP address (1 host up) scanned in 8.75 seconds
> The unsafe ciphers need to be excluded 
> Per jetty/Configuring/SSL/TLS documentation at the section Disabling/Enabling 
> specific cipher suites 
> http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html
> ExcludeCipherSuites needs to be set 
> But since Atlas has an embedded jetty, this property needs to be set to 
> exclude the weak/unsafe cipher suites
> The Open Web Application Project (OWASP) has a nice recommendation tools for 
> testing for weak SSL/TLS ciphers 
> https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_%28OTG-CRYPST-001%29#Tools



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
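
For the scan quoted in the issue description above, a check that turns the ssl-enum-ciphers lines into the list of suite names to exclude and separately flags undersized key exchange. This is an added example, not part of the message or of the ATLAS-349 patch; the name patterns and the minimum sizes in `WEAK_NAME` and `MIN_BITS` are an assumed policy.

```python
import re

# ssl-enum-ciphers lines as pasted in the issue description above.
SCAN = """\
   TLSv1.0:
     ciphers:
       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - E
       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - C
       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp160k1) - E
       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp160k1) - C
       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp160k1) - C
       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 512) - E
       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 512) - C
       TLS_RSA_WITH_RC4_128_MD5 (rsa 512) - C
       TLS_RSA_WITH_RC4_128_SHA (rsa 512) - C
"""

# Assumed policy, not taken from the Atlas patch: algorithm names to reject
# and minimum key-exchange sizes in bits.
WEAK_NAME = re.compile(r"_(RC4|3DES|DES|NULL|EXPORT)_|_MD5$|_anon_")
MIN_BITS = {"rsa": 2048, "dh": 2048, "ec": 224}
LINE = re.compile(r"^\s*(TLS_\w+) \((\w+)(?: (\d+))?\) - [A-F]\s*$")

def parse(scan):
    """Yield (suite, kex_kind, kex_bits) for every cipher line."""
    for m in filter(None, map(LINE.match, scan.splitlines())):
        name, kex, bits = m.groups()
        if bits is None:  # named curve such as secp160k1
            curve = re.match(r"sec[pt](\d+)", kex)
            kex, bits = "ec", curve.group(1) if curve else None
        yield name, kex, int(bits) if bits else None

def findings(scan):
    """Map each offered suite to the reasons it fails the policy."""
    out = {}
    for name, kex, bits in parse(scan):
        why = []
        hit = WEAK_NAME.search(name)
        if hit:
            why.append("weak algorithm " + hit.group(0).strip("_"))
        if bits is not None and bits < MIN_BITS.get(kex, 0):
            why.append(f"{kex} key exchange is {bits} bits")
        out[name] = why
    return out

def exclude_list(scan):
    """Suite names to exclude by name (key-size findings are not listed)."""
    return sorted(n for n, why in findings(scan).items()
                  if any(w.startswith("weak algorithm") for w in why))
```

The AES suites stay out of `exclude_list` but still appear in `findings`, because their 1024-bit DH, 512-bit RSA and secp160k1 parameters are fixed by changing keys and parameters, not by excluding the suite name.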