[ 
https://issues.apache.org/jira/browse/KAFKA-7789?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16735729#comment-16735729
 ] 

Tom Bentley commented on KAFKA-7789:
------------------------------------

This is caused by Fedora tightening up its system-wide crypto policies, as 
described here: https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2. 
Their changes to {{/etc/crypto-policies/back-ends/java.config}} set 
{{jdk.certpath.disabledAlgorithms=MD2, MD5, DSA, RSA keySize < 2048}} thus 
causing the KeyManager to reject RSA keys with size < 2048 bits. The rejection 
of the keys happens silently unless the 
{{-Djavax.net.debug=ssl,handshake,keymanager}} system property is set. The 
{{TestSslUtils}} generates its keys with 1024 bit keys.

Fedora 29 users can change the policy to LEGACY with {{update-crypto-policies 
--set LEGACY}} as root, but this enables the LEGACY algorithm support 
system-wide. 
The better option would be to update the unit tests to use 2048 bit keys.

> SSL-related unit tests hang when run on Fedora 29
> -------------------------------------------------
>
>                 Key: KAFKA-7789
>                 URL: https://issues.apache.org/jira/browse/KAFKA-7789
>             Project: Kafka
>          Issue Type: Bug
>            Reporter: Tom Bentley
>            Assignee: Tom Bentley
>            Priority: Minor
>
> Various SSL-related unit tests (such as {{SslSelectorTest}}) hang when 
> executed on Fedora 29. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
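
The check described in the comment above, as an added example (not Kafka code and not written by the commenter): it evaluates RSA key sizes against the {{jdk.certpath.disabledAlgorithms}} value quoted in the comment and against whatever value the running JVM reports, so the silent rejection becomes visible without enabling SSL debug output. The class name {{CertPathPolicyCheck}} and the method {{rsaKeyDisabled}} are hypothetical, and the parser assumes plain "RSA keySize <op> <bits>" entries, ignoring any "&"-combined qualifiers.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.interfaces.RSAPublicKey;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added diagnostic example: hypothetical class, not part of Kafka or the JDK.
public class CertPathPolicyCheck {
    // Matches one "RSA keySize <op> <bits>" constraint inside a policy entry.
    private static final Pattern RSA_KEYSIZE =
        Pattern.compile("\\bRSA\\s+keySize\\s*(<=|<|==|!=|>=|>)\\s*(\\d+)");

    // Returns true if the comma-separated policy disables RSA keys of this size.
    // Simplification (assumption): "&"-combined qualifiers such as jdkCA are ignored.
    static boolean rsaKeyDisabled(String policy, int bits) {
        if (policy == null) return false;
        for (String entry : policy.split(",")) {
            String e = entry.trim();
            if (e.equalsIgnoreCase("RSA")) return true; // RSA disabled outright
            Matcher m = RSA_KEYSIZE.matcher(e);
            if (!m.find()) continue;
            int limit = Integer.parseInt(m.group(2));
            String op = m.group(1);
            boolean hit = op.equals("<")  ? bits <  limit
                        : op.equals("<=") ? bits <= limit
                        : op.equals("==") ? bits == limit
                        : op.equals("!=") ? bits != limit
                        : op.equals(">=") ? bits >= limit
                        :                   bits >  limit;
            if (hit) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        String effective = Security.getProperty("jdk.certpath.disabledAlgorithms");
        String fedora29 = "MD2, MD5, DSA, RSA keySize < 2048"; // value quoted in the comment
        for (int bits : new int[] {1024, 2048}) {
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
            gen.initialize(bits);
            KeyPair kp = gen.generateKeyPair();
            int actual = ((RSAPublicKey) kp.getPublic()).getModulus().bitLength();
            System.out.printf("RSA %d-bit: disabled by quoted policy=%b, by this JVM=%b%n",
                actual, rsaKeyDisabled(fedora29, actual), rsaKeyDisabled(effective, actual));
        }
    }
}
```

Under the quoted policy the 1024-bit key is reported as disabled and the 2048-bit key is not; the last column depends on the policy of the JVM the example runs on.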
