nizhikov commented on a change in pull request #8695:
URL: https://github.com/apache/kafka/pull/8695#discussion_r433102140
##########
File path:
clients/src/test/java/org/apache/kafka/common/network/SslTransportLayerTest.java
##########
@@ -580,7 +581,16 @@ public void testTLSDefaults() throws Exception {
@Test
public void testUnsupportedCipher() throws Exception {
- String[] cipherSuites = ((SSLServerSocketFactory)
SSLServerSocketFactory.getDefault()).getSupportedCipherSuites();
+ String[] cipherSuites;
+ if (Java.IS_JAVA11_COMPATIBLE) {
+ cipherSuites = new String[] {
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
Review comment:
We should use correct cipher for the server(which uses `TLSv1.3` in case
Java11) otherwise server metrics not updated because we never get
`AuthenticationException` on the server-side. Instead of it, we get
`IOException` from `SSLTransportLayer`:
```
private SSLEngineResult handshakeUnwrap(boolean doRead, boolean
ignoreHandshakeStatus) throws IOException {
...
// Throw EOF exception for failed read after processing already
received data
// so that handshake failures are reported correctly
if (read == -1)
throw new EOFException("EOF during handshake, handshake status
is " + handshakeStatus);
}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
