[
https://issues.apache.org/jira/browse/SOLR-9068?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hoss Man updated SOLR-9068:
---------------------------
Description:
In parent issue SOLR-5776, NullSecureRandom was introduced and SSLTestConfig
was refactored so that both client & server would use it to prevent blocked
threads waiting for entropy.
Since those commits to master & branch_6x, all Solaris jenkins builds got
failures at the same spots in
TestMiniSolrCloudClusterSSL.testSslAndNoClientAuth - and looking at the logs
the root cause appears to be intranode communication failures due to
"javax.crypto.BadPaddingException"
Initial speculation was that perhaps the Solaris SSL impl has bugs in it's
padding code that are tickled when the SecureRandom instance returns long
strings of null bytes, but subsequently we got reports of similar, less
frequently occuring, bugs on other OSs (see SOLR-9082).
was:
In parent issue SOLR-5776, NullSecureRandom was introduced and SSLTestConfig
was refactored so that both client & server would use it to prevent blocked
threads waiting for entropy.
Since those commits to master & branch_6x, both Solaris jenkins builds have
seen failures at the same spots in
TestMiniSolrCloudClusterSSL.testSslAndNoClientAuth - and looking at the logs
the root cause appears to be intranode communication failures due to
"javax.crypto.BadPaddingException"
Perhaps the Solaris SSL impl has bugs in it's padding code that are tickeled
when the SecureRandom instance returns long strings of null bytes?
Summary: BadPaddingException when running SSL test using
NullSecureRandom (was: Solaris SSL test failures when using NullSecureRandom?)
revised summary & description based on new evidence of this popping up on other
operating systems (see SOLR-9082) ... although much less often then on Solaris.
I plan to rollback the conditional logic i added in my last commit and just
complely replace "NullSecureRandom" with the code Uwe already beasted for me
and rename it "NotSecurePsuedoRandom" (since NullSecureRandom as a name really
won't apply anymore)
> BadPaddingException when running SSL test using NullSecureRandom
> ----------------------------------------------------------------
>
> Key: SOLR-9068
> URL: https://issues.apache.org/jira/browse/SOLR-9068
> Project: Solr
> Issue Type: Sub-task
> Reporter: Hoss Man
> Fix For: 4.9, master
>
> Attachments: SOLR-9068.Lucene-Solr-6.x-Solaris_110.log,
> SOLR-9068.Lucene-Solr-master-Solaris_558.log, SOLR-9068.patch, SOLR-9068.patch
>
>
> In parent issue SOLR-5776, NullSecureRandom was introduced and SSLTestConfig
> was refactored so that both client & server would use it to prevent blocked
> threads waiting for entropy.
> Since those commits to master & branch_6x, all Solaris jenkins builds got
> failures at the same spots in
> TestMiniSolrCloudClusterSSL.testSslAndNoClientAuth - and looking at the logs
> the root cause appears to be intranode communication failures due to
> "javax.crypto.BadPaddingException"
> Initial speculation was that perhaps the Solaris SSL impl has bugs in it's
> padding code that are tickled when the SecureRandom instance returns long
> strings of null bytes, but subsequently we got reports of similar, less
> frequently occuring, bugs on other OSs (see SOLR-9082).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
