[jira] [Updated] (SPARK-34073) cipher problem with IBM JDK

Mon, 11 Jan 2021 06:51:06 -0800 


     [ 
https://issues.apache.org/jira/browse/SPARK-34073?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Peter Heuchert updated SPARK-34073:
-----------------------------------
    Attachment: config

> cipher problem with IBM JDK
> ---------------------------
>
>                 Key: SPARK-34073
>                 URL: https://issues.apache.org/jira/browse/SPARK-34073
>             Project: Spark
>          Issue Type: Bug
>          Components: Spark Core
>    Affects Versions: 3.0.1
>         Environment: Red Hat Enterprise Linux Server release 7.9 (Maipo)
> java-1.8.0-ibm-1.8.0.6.10-1jpp.1.el7.x86_64
>  
> also tested with AIX 7.1 TL 5 and Java8_64.jre (8.0.0.616)
>            Reporter: Peter Heuchert
>            Priority: Major
>         Attachments: config
>
>
> We get following error message in log: 
>  
> {noformat}
> 21/01/11 11:37:00 INFO Master: Running Spark version 3.0.1
> 21/01/11 11:37:02 WARN SslContextFactory: No supported ciphers from 
> [SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 
> SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_RSA_WITH_AES_256_CBC_SHA256, 
> SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384, 
> SSL_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_DHE_DSS_WITH_AES_256_CBC_SHA256, 
> SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA, 
> SSL_RSA_WITH_AES_256_CBC_SHA, SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 
> SSL_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_AES_256_CBC_SHA, 
> SSL_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 
> SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_RSA_WITH_AES_128_CBC_SHA256, 
> SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256, 
> SSL_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_DHE_DSS_WITH_AES_128_CBC_SHA256, 
> SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
> SSL_RSA_WITH_AES_128_CBC_SHA, SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 
> SSL_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, 
> SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 
> SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 
> SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_RSA_WITH_AES_256_GCM_SHA384, 
> SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384, 
> SSL_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_DHE_RSA_WITH_AES_256_GCM_SHA384, 
> SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_AES_128_GCM_SHA256, 
> SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256, 
> SSL_DHE_RSA_WITH_AES_128_GCM_SHA256, 
> SSL_DHE_DSS_WITH_AES_128_GCM_SHA256]{noformat}
>  
> and can not connect to the encrypted UI port and so on. Searching for this 
> error I found the information that [jetty blocks all ciphers starting with 
> SSL_|https://github.com/eclipse/jetty.project/issues/3817]. Unfortunately 
> does the IBM JDK we are using, name all ciphers with SSL_* instead of TLS_* 
> for the newer one.
> I was looking for the strings reported in the issue and found them in 
> spark-core_2.12-3.0.1.jar, file 
> org/sparkproject/jetty/util/ssl/SslContextFactory.class:
> {code:java}
> ^.*_(MD5|SHA|SHA1)$
> ^TLS_RSA_.*$
> ^SSL_.*$
> ^.*_NULL_.*$
> ^.*_anon_.*${code}
> I could not find the source to check if I can take influence with the 
> configuration on these definition.
> Does my analysis makes sense? And would it be possible to add a configuration 
> to not exclude the SSL_* ciphers, just for  JDKs that define different naming 
> schemes?
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to