ijuma commented on a change in pull request #8695:
URL: https://github.com/apache/kafka/pull/8695#discussion_r433279649
##########
File path:
clients/src/test/java/org/apache/kafka/common/network/SslTransportLayerTest.java
##########
@@ -580,7 +581,16 @@ public void testTLSDefaults() throws Exception {
@Test
public void testUnsupportedCipher() throws Exception {
- String[] cipherSuites = ((SSLServerSocketFactory)
SSLServerSocketFactory.getDefault()).getSupportedCipherSuites();
+ String[] cipherSuites;
+ if (Java.IS_JAVA11_COMPATIBLE) {
+ cipherSuites = new String[] {
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
Review comment:
Maybe we add `checkAuthentiationFailed` to `testUnsupportedCiphers` and
delete this test.
##########
File path:
clients/src/test/java/org/apache/kafka/common/network/SslTransportLayerTest.java
##########
@@ -622,6 +632,108 @@ public void testUnsupportedTLSVersion() throws Exception {
server.verifyAuthenticationMetrics(0, 1);
}
+ /**
+ * Tests that connections fails if TLSv1.3 enabled but cipher suite
suitable only for TLSv1.2 used.
+ */
+ @Test
+ public void testCiphersSuiteForTls12FailsForTls13() throws Exception {
+ assumeTrue(Java.IS_JAVA11_COMPATIBLE);
+
+ SSLContext context = SSLContext.getInstance(tlsProtocol);
+ context.init(null, null, null);
Review comment:
These two lines are unused.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
