[ https://issues.apache.org/jira/browse/KAFKA-12790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17367686#comment-17367686 ]
Uwe Eisele edited comment on KAFKA-12790 at 6/22/21, 9:19 PM: -------------------------------------------------------------- It looks like that the test also no longer runs on JDK 11. Basically it is stated in https://bugs.openjdk.java.net/browse/JDK-8256490 which says that as of JDK 11.0.11 TLSv1.1 is disabled by default. I executed the test in a Docker container with JDK 11.0.10 and JDK 11.0.11 (see https://github.com/ueisele/kafka/tree/fix/ssltransportlayertest/ci). JDK 11.0.10 {code:java} ./ci/do_in_docker 11.0.10 ./gradlew clients:unitTest --tests SslTransportLayerTest.testUnsupportedTLSVersion --rerun-tasks ... > Task :clients:unitTest SslTransportLayerTest > [1] tlsProtocol=TLSv1.2, useInlinePem=false PASSED SslTransportLayerTest > [2] tlsProtocol=TLSv1.2, useInlinePem=true PASSED SslTransportLayerTest > [3] tlsProtocol=TLSv1.3, useInlinePem=false PASSED {code} JDK 11.0.11 {code:java} ./ci/do_in_docker 11.0.11 ./gradlew clients:unitTest --tests SslTransportLayerTest.testUnsupportedTLSVersion --rerun-tasks ... > Task :clients:unitTest org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[1] failed, log available in /home/appuser/kafka/clients/build/reports/testOutput/org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[1].test.stdout SslTransportLayerTest > [1] tlsProtocol=TLSv1.2, useInlinePem=false FAILED org.opentest4j.AssertionFailedError: Condition not met within timeout 15000. Metric not updated failed-authentication-total expected:<1.0> but was:<0.0> ==> expected: <true> but was: <false> at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55) at org.junit.jupiter.api.AssertTrue.assertTrue(AssertTrue.java:40) at org.junit.jupiter.api.Assertions.assertTrue(Assertions.java:193) at org.apache.kafka.test.TestUtils.lambda$waitForCondition$3(TestUtils.java:303) at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:351) at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:319) at org.apache.kafka.test.TestUtils.waitForCondition(TestUtils.java:300) at org.apache.kafka.common.network.NioEchoServer.waitForMetrics(NioEchoServer.java:196) at org.apache.kafka.common.network.NioEchoServer.verifyAuthenticationMetrics(NioEchoServer.java:155) at org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(SslTransportLayerTest.java:644) org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[2] failed, log available in /home/appuser/kafka/clients/build/reports/testOutput/org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[2].test.stdout SslTransportLayerTest > [2] tlsProtocol=TLSv1.2, useInlinePem=true FAILED org.opentest4j.AssertionFailedError: Condition not met within timeout 15000. Metric not updated failed-authentication-total expected:<1.0> but was:<0.0> ==> expected: <true> but was: <false> at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55) at org.junit.jupiter.api.AssertTrue.assertTrue(AssertTrue.java:40) at org.junit.jupiter.api.Assertions.assertTrue(Assertions.java:193) at org.apache.kafka.test.TestUtils.lambda$waitForCondition$3(TestUtils.java:303) at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:351) at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:319) at org.apache.kafka.test.TestUtils.waitForCondition(TestUtils.java:300) at org.apache.kafka.common.network.NioEchoServer.waitForMetrics(NioEchoServer.java:196) at org.apache.kafka.common.network.NioEchoServer.verifyAuthenticationMetrics(NioEchoServer.java:155) at org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(SslTransportLayerTest.java:644) org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[3] failed, log available in /home/appuser/kafka/clients/build/reports/testOutput/org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[3].test.stdout SslTransportLayerTest > [3] tlsProtocol=TLSv1.3, useInlinePem=false FAILED org.opentest4j.AssertionFailedError: Condition not met within timeout 15000. Metric not updated failed-authentication-total expected:<1.0> but was:<0.0> ==> expected: <true> but was: <false> at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55) at org.junit.jupiter.api.AssertTrue.assertTrue(AssertTrue.java:40) at org.junit.jupiter.api.Assertions.assertTrue(Assertions.java:193) at org.apache.kafka.test.TestUtils.lambda$waitForCondition$3(TestUtils.java:303) at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:351) at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:319) at org.apache.kafka.test.TestUtils.waitForCondition(TestUtils.java:300) at org.apache.kafka.common.network.NioEchoServer.waitForMetrics(NioEchoServer.java:196) at org.apache.kafka.common.network.NioEchoServer.verifyAuthenticationMetrics(NioEchoServer.java:155) at org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(SslTransportLayerTest.java:644) 3 tests completed, 3 failed {code} To execute tests which require TLSv1.1 support with current JDKs, TLSv1.1 must be removed from the `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file. I also tested this and in this case I could execute the test testUnsupportedTlsVersion with the newest version of JDK 11. I now, this task is about JDK 16, but for me it looks like that also for JDK 16 the reason is that TLSv1.1 has been disabled by default. was (Author: ueisele): It looks like that the test also no longer runs on JDK 11. Basically its stated in https://bugs.openjdk.java.net/browse/JDK-8256490 which says that as of JDK 11.0.11 TLSv1.1 is disabled by default. I executed the test in a Docker container with JDK 11.0.10 and JDK 11.0.11 (see https://github.com/ueisele/kafka/tree/fix/ssltransportlayertest/ci). JDK 11.0.10 {code:java} ./ci/do_in_docker 11.0.10 ./gradlew clients:unitTest --tests SslTransportLayerTest.testUnsupportedTLSVersion --rerun-tasks ... > Task :clients:unitTest SslTransportLayerTest > [1] tlsProtocol=TLSv1.2, useInlinePem=false PASSED SslTransportLayerTest > [2] tlsProtocol=TLSv1.2, useInlinePem=true PASSED SslTransportLayerTest > [3] tlsProtocol=TLSv1.3, useInlinePem=false PASSED {code} JDK 11.0.11 {code:java} ./ci/do_in_docker 11.0.11 ./gradlew clients:unitTest --tests SslTransportLayerTest.testUnsupportedTLSVersion --rerun-tasks ... > Task :clients:unitTest org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[1] failed, log available in /home/appuser/kafka/clients/build/reports/testOutput/org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[1].test.stdout SslTransportLayerTest > [1] tlsProtocol=TLSv1.2, useInlinePem=false FAILED org.opentest4j.AssertionFailedError: Condition not met within timeout 15000. Metric not updated failed-authentication-total expected:<1.0> but was:<0.0> ==> expected: <true> but was: <false> at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55) at org.junit.jupiter.api.AssertTrue.assertTrue(AssertTrue.java:40) at org.junit.jupiter.api.Assertions.assertTrue(Assertions.java:193) at org.apache.kafka.test.TestUtils.lambda$waitForCondition$3(TestUtils.java:303) at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:351) at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:319) at org.apache.kafka.test.TestUtils.waitForCondition(TestUtils.java:300) at org.apache.kafka.common.network.NioEchoServer.waitForMetrics(NioEchoServer.java:196) at org.apache.kafka.common.network.NioEchoServer.verifyAuthenticationMetrics(NioEchoServer.java:155) at org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(SslTransportLayerTest.java:644) org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[2] failed, log available in /home/appuser/kafka/clients/build/reports/testOutput/org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[2].test.stdout SslTransportLayerTest > [2] tlsProtocol=TLSv1.2, useInlinePem=true FAILED org.opentest4j.AssertionFailedError: Condition not met within timeout 15000. Metric not updated failed-authentication-total expected:<1.0> but was:<0.0> ==> expected: <true> but was: <false> at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55) at org.junit.jupiter.api.AssertTrue.assertTrue(AssertTrue.java:40) at org.junit.jupiter.api.Assertions.assertTrue(Assertions.java:193) at org.apache.kafka.test.TestUtils.lambda$waitForCondition$3(TestUtils.java:303) at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:351) at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:319) at org.apache.kafka.test.TestUtils.waitForCondition(TestUtils.java:300) at org.apache.kafka.common.network.NioEchoServer.waitForMetrics(NioEchoServer.java:196) at org.apache.kafka.common.network.NioEchoServer.verifyAuthenticationMetrics(NioEchoServer.java:155) at org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(SslTransportLayerTest.java:644) org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[3] failed, log available in /home/appuser/kafka/clients/build/reports/testOutput/org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[3].test.stdout SslTransportLayerTest > [3] tlsProtocol=TLSv1.3, useInlinePem=false FAILED org.opentest4j.AssertionFailedError: Condition not met within timeout 15000. Metric not updated failed-authentication-total expected:<1.0> but was:<0.0> ==> expected: <true> but was: <false> at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55) at org.junit.jupiter.api.AssertTrue.assertTrue(AssertTrue.java:40) at org.junit.jupiter.api.Assertions.assertTrue(Assertions.java:193) at org.apache.kafka.test.TestUtils.lambda$waitForCondition$3(TestUtils.java:303) at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:351) at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:319) at org.apache.kafka.test.TestUtils.waitForCondition(TestUtils.java:300) at org.apache.kafka.common.network.NioEchoServer.waitForMetrics(NioEchoServer.java:196) at org.apache.kafka.common.network.NioEchoServer.verifyAuthenticationMetrics(NioEchoServer.java:155) at org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(SslTransportLayerTest.java:644) 3 tests completed, 3 failed {code} To execute tests which require TLSv1.1 support with current JDKs, TLSv1.1 must be removed from the `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file. I also tested this and in this case I could execute the test testUnsupportedTlsVersion with the newest version of JDK 11. I now, this task is about JDK 16, but for me it looks like that also for JDK 16 the reason is that TLSv1.1 has been disabled by default. > Fix SslTransportLayerTest.testUnsupportedTlsVersion with JDK 16 > --------------------------------------------------------------- > > Key: KAFKA-12790 > URL: https://issues.apache.org/jira/browse/KAFKA-12790 > Project: Kafka > Issue Type: Sub-task > Reporter: Ismael Juma > Assignee: Rajini Sivaram > Priority: Major > Fix For: 3.0.0 > > > Details can be found in the PR: > https://github.com/apache/kafka/pull/10415#issuecomment-808230478 -- This message was sent by Atlassian Jira (v8.3.4#803005)