[
https://issues.apache.org/jira/browse/SOLR-12988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16866833#comment-16866833
]
Cao Manh Dat commented on SOLR-12988:
-------------------------------------
{code}
At some point after that, after http2 was merged to master, the nature of the
failure changed – with openjdk 11.0.2 a NEW similar looing failure caused a
similar looking stack trace from
TestMiniSolrCloudClusterSSL.testSslWithCheckPeerName – but only on the
internode communication – NOT on the connection between the test client and the
first node.
{code}
I understand why this happened, since in branch http2 we used to use {{Jetty
client}} for many places. But SOLR-12081 makes some changes
(https://github.com/apache/lucene-solr/blob/2e468abecc98ffc6137fc5de2aefe8cd19cd6c8d/solr/core/src/java/org/apache/solr/cloud/api/collections/CreateCollectionCmd.java#L207).
So instead of using {{Jetty client}} we switched to {{Http Client}}. I just
don't want to revert Mark changes at that point of time, since I'm not totally
understand the reason of that.
But that is the reason why you saw {{the nature of the failure changed}}.
Anyway, l kinda *missed* this
{quote}
but that has been fixed in OpenJDK 11.0.3.
{quote}
If that is the case I'm good with remove the changes for enforcing HttpClient
to uses TLSv1.2 or lower versions.
If possible I will try to do that enforcement for *Java 11.0.2* or lower
versions. Does that makes sense [~hossman]
> Avoid using TLSv1.3 for HttpClient
> ----------------------------------
>
> Key: SOLR-12988
> URL: https://issues.apache.org/jira/browse/SOLR-12988
> Project: Solr
> Issue Type: Test
> Reporter: Hoss Man
> Assignee: Cao Manh Dat
> Priority: Major
> Labels: Java11, Java12
> Attachments: SOLR-13413.patch
>
>
> HTTPCLIENT-1967 indicates that HttpClient can't be used properly with
> TLSv1.3. It caused some test failures below, therefore we should enforce
> HttpClient to uses TLSv1.2 or lower versions.
> TestMiniSolrCloudClusterSSL.testSslWithCheckPeerName seems to fail 100% of
> the time when run with java11 (or java12), regardless of seed, on both master
> & 7x.
> The nature of the problem and the way our htp stack works suggests it *may*
> ultimately be a jetty bug (perhaps related to [jetty
> issue#2711|https://github.com/eclipse/jetty.project/issues/2711]?)
> *HOWEVER* ... as far as i can tell, whatever the root cause is, seems to have
> been fixed on the {{jira/http2}} branch (as of
> 52bc163dc1804c31af09c1fba99647005da415ad) which should hopefully be getting
> merged to master soon.
> Filing this issue largely for tracking purpose, although we may also want to
> use it for discussions/considerations of other backports/fixes to 7x
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
