[
https://issues.apache.org/jira/browse/AMQ-8169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17296357#comment-17296357
]
Lucas Tétreault commented on AMQ-8169:
--------------------------------------
I've been doing some more digging and it appears the intermittent issues we are
seeing were introduced in Oracle jdk1.8.0_261. I do not believe this to be a
flaky test, but rather a problem with AES GCM. I don't know if it's a JDK bug
or if it's an implementation problem.
With Oracle jdk1.8.0_251 the negotiated cipher suite is
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 and I am not able to recreate the test
failing.
With Oracle jdk1.8.0_261 the negotiated cipher suite is
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and I can easily recreate the test
failing. The difference in negotiated cipher suite appears to be due to [this
change|https://www.oracle.com/java/technologies/javase/8u261-relnotes.html#JDK-8028518]
to *Increase the priorities of GCM cipher suites*.
> StompNIOSSLTest test fails with more recent JDK 8 versions
> ----------------------------------------------------------
>
> Key: AMQ-8169
> URL: https://issues.apache.org/jira/browse/AMQ-8169
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.17.0
> Reporter: Matt Pavlovich
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Fix For: 5.17.0
>
>
> The StompNIOSSL test fails during CI/CD tests with certain JDK versions. This
> blocks PR's from getting a green status
> To reproduce:
> [x] Fails with jdk1.8.0_281
> [x] Passes with jdk1.8.0_211
> Suspects:
> * The test SSL cert needs to be generated with a newer cipher and/or length
> * The NIOSSLTransport has a bad byte[] read bug
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
