[ https://issues.apache.org/jira/browse/ARTEMIS-3038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17262641#comment-17262641 ]
Robbie Gemmell commented on ARTEMIS-3038: ----------------------------------------- The old KRB5 cipher suites wont be updated, the support of them was removed entirely when support for TLS 1.3 was being added in JDK11, from [http://openjdk.java.net/jeps/332]: {quote} Additionally, the KRB5 cipher suites will be removed from the JDK because they are no longer considered safe to use. {quote} I excluded the overall test from running on JDK11+ in [https://github.com/apache/activemq-artemis/commit/50bf1ef] since it could never work there. Presumably newer JDK 8's also disabled the ciphers by default since the test was added, like other older ciphers periodically get disabled by default. Alternatively, maybe they were also removed entirely when TLS 1.3 was backported to Java 8 recently. Checking [https://bugs.openjdk.java.net/browse/JDK-8248721] for the backport, it says they are not suported with TLS 1.3 but the backport was modified so they were retained for prior TLS versions but are now disabled by default. The test could be made conditional with a junit assumption on Java 8, e.g create an SSLEngine and verify whether the cipher is supported and enabled.Though if the ciphers are disabled by default on all recent JDKs, it will then just never run without additional trickery. Alternatively, since the client itself is likely to be largely unaware of and unimportant to this feature being used given it is part of the TLS process, and the ciphers requried have long not been recommended to be used, and the test is already entirely disabled at the current time by https://github.com/apache/activemq-artemis/commit/4e2eda82f33e5cb2266df0fcc2512d9bb5185054, perhaps the test should simply just be removed and the feature forgotten about. > Investigate > CoreClientOverOneWaySSLKerb5Test#testOneWaySSLWithGoodClientCipherSuite > ----------------------------------------------------------------------------------- > > Key: ARTEMIS-3038 > URL: https://issues.apache.org/jira/browse/ARTEMIS-3038 > Project: ActiveMQ Artemis > Issue Type: Task > Reporter: Clebert Suconic > Assignee: Gary Tully > Priority: Major > > CoreClientOverOneWaySSLKerb5Test#testOneWaySSLWithGoodClientCipherSuite is > failing because of: > > [https://www.oracle.com/security-alerts/poodlecve-2014-3566.html] > > I set the test with an ignore .. until we investigate what we should do. -- This message was sent by Atlassian Jira (v8.3.4#803005)