[
https://issues.apache.org/jira/browse/AMQ-8169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17296094#comment-17296094
]
Lucas Tétreault commented on AMQ-8169:
--------------------------------------
It doesn't seem like a problem with the SSL cert. The old cert is a 2048-bit
RSA key and, looking at the TLS handshake, the client and server negotiate on
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as the cipher suite, which appears to be a
good, strong cipher according to this:
[https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html]
I tried generating a new key pair anyway, and the test still fails and the
cipher suite used is the same:
{code:java}
"ServerHello": {
  "server version" : "TLSv1.2",
  "random" : "73 63 64 39 98 C8 82 32 8C 68 AC B2 57 F0 C6 E5 E4 39 5F 92 48 91 63 59 44 4F 57 4E 47 52 44 01",
  "session id" : "44 BE B7 9B A7 A2 ED 93 D6 7F 1C 53 D3 00 D1 FC 31 48 71 FA 51 43 5B 5E D0 BE 47 D0 91 0C D8 0F",
  "cipher suite" : "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030)",
  "compression methods" : "00",
  "extensions" : [
    "extended_master_secret (23)": {
      <empty>
    },
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    }
  ]
}
)
javax.net.ssl|FINE|12|ActiveMQ BrokerService[localhost] Task-1|2021-03-04 23:25:35.164 PST|Logger.java:765|Produced server Certificate handshake message (
"Certificates": [
  "certificate" : {
    "version" : "v3",
    "serial number" : "32 F8 37 03",
    "signature algorithm": "SHA256withRSA",
    "issuer" : "CN=localhost, OU=activemq.org, O=activemq.org, L=LA, ST=CA, C=US",
    "not before" : "2021-03-04 23:16:43.000 PST",
    "not after" : "2121-02-08 23:16:43.000 PST",
    "subject" : "CN=localhost, OU=activemq.org, O=activemq.org, L=LA, ST=CA, C=US",
    "subject public key" : "RSA",
    "extensions" : [
      {
        ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: F9 A4 A3 77 25 A6 D8 FE 30 8F CA 53 69 33 AD 76  ...w%...0..Si3.v
        0010: 34 42 E9 C7  4B..
        ]
        ]
      }
    ]}
]
)
{code}
> StompNIOSSLTest test fails with more recent JDK 8 versions
> ----------------------------------------------------------
>
> Key: AMQ-8169
> URL: https://issues.apache.org/jira/browse/AMQ-8169
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.17.0
> Reporter: Matt Pavlovich
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Fix For: 5.17.0
>
>
> The StompNIOSSL test fails during CI/CD tests with certain JDK versions. This
> blocks PRs from getting a green status.
> To reproduce:
> [x] Fails with jdk1.8.0_281
> [x] Passes with jdk1.8.0_211
> Suspects:
> * The test SSL cert needs to be generated with a newer cipher and/or length
> * The NIOSSLTransport has a bad byte[] read bug