Re: Unit Tests and OpenSSL Ciphers
On 6/27/2019 8:56 AM, Mark Thomas wrote: The ciphers supported by Ubuntu have changed. You need to use: openssl ciphers -v ALL:eNULL to see all of them. The short version is that ARIA ciphers are now supported. test.openssl.unimplemented=IDEA should fix it. Thanks, Mark! The part that puzzled me was that `openssl ciphers -v` did not show those ciphers and yet they appeared in the `ant test` logs. Adding `ALL:eNULL` indeed shows the ARIA ciphers. Best, Igal - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Unit Tests and OpenSSL Ciphers
On 27/06/2019 14:49, Mark Thomas wrote: > On 26/06/2019 23:01, Igal Sapir wrote: >> While testing Tomcat Native 1.2.23 two unit tests failed on my system: >> >> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.APR.txt >> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.APR.txt >> >> My build.properties includes the following: >> test.openssl.unimplemented=ARIA,IDEA >> >> Which adds any ciphers with the substring ARIA or IDEA in the name to >> the unimplemented list that should be ignored [1]. >> >> The failure message shows that the issue is with unexpected ciphers [2], >> e.g. ECDHE-ARIA128-GCM-SHA256+TLSv1.2, so the next thing I did was to >> check OpenSSL's version and ciphers. The version is the same as the >> build process shows in the logs, but I don't see ARIA ciphers there: >> >> $ openssl version >> OpenSSL 1.1.1 11 Sep 2018 >> $ openssl ciphers -v | grep ARIA >> >> Any ideas? > > First impressions are that the ciphers supported by the latest OpenSSL > versions have changed. However, I would have expected Gump to pick up on > that and it hasn't. > > More research required... The ciphers supported by Ubuntu have changed. You need to use: openssl ciphers -v ALL:eNULL to see all of them. The short version is that ARIA ciphers are now supported. test.openssl.unimplemented=IDEA should fix it. Mark > > Mark > >> >> Thanks, >> >> Igal >> >> [1] https://github.com/apache/tomcat/commit/a9c1a0661198 >> [2] Testcase: testOpenSSLCipherAvailability took 0.043 sec >> FAILED >> Unexpected cipher suites: ECDHE-ARIA128-GCM-SHA256+TLSv1.2 >> DHE-RSA-ARIA128-GCM-SHA256+TLSv1.2 DHE-DSS-ARIA256-GCM-SHA384+TLSv1.2 >> ECDHE-ECDSA-ARIA128-GCM-SHA256+TLSv1.2 ARIA256-GCM-SHA384+TLSv1.2 >> ECDHE-ARIA256-GCM-SHA384+TLSv1.2 DHE-RSA-ARIA256-GCM-SHA384+TLSv1.2 >> RSA-PSK-ARIA256-GCM-SHA384+TLSv1.2 >> ECDHE-ECDSA-ARIA256-GCM-SHA384+TLSv1.2 ARIA128-GCM-SHA256+TLSv1.2 >> RSA-PSK-ARIA128-GCM-SHA256+TLSv1.2 DHE-PSK-ARIA128-GCM-SHA256+TLSv1.2 >> DHE-DSS-ARIA128-GCM-SHA256+TLSv1.2 PSK-ARIA256-GCM-SHA384+TLSv1.2 >> DHE-PSK-ARIA256-GCM-SHA384+TLSv1.2 PSK-ARIA128-GCM-SHA256+TLSv1.2 >> expected:<0> but was:<16> >> junit.framework.AssertionFailedError: Unexpected cipher suites: >> ECDHE-ARIA128-GCM-SHA256+TLSv1.2 DHE-RSA-ARIA128-GCM-SHA256+TLSv1.2 >> DHE-DSS-ARIA256-GCM-SHA384+TLSv1.2 >> ECDHE-ECDSA-ARIA128-GCM-SHA256+TLSv1.2 ARIA256-GCM-SHA384+TLSv1.2 >> ECDHE-ARIA256-GCM-SHA384+TLSv1.2 DHE-RSA-ARIA256-GCM-SHA384+TLSv1.2 >> RSA-PSK-ARIA256-GCM-SHA384+TLSv1.2 >> ECDHE-ECDSA-ARIA256-GCM-SHA384+TLSv1.2 ARIA128-GCM-SHA256+TLSv1.2 >> RSA-PSK-ARIA128-GCM-SHA256+TLSv1.2 DHE-PSK-ARIA128-GCM-SHA256+TLSv1.2 >> DHE-DSS-ARIA128-GCM-SHA256+TLSv1.2 PSK-ARIA256-GCM-SHA384+TLSv1.2 >> DHE-PSK-ARIA256-GCM-SHA384+TLSv1.2 PSK-ARIA128-GCM-SHA256+TLSv1.2 >> expected:<0> but was:<16> >> at >> org.apache.tomcat.util.net.openssl.ciphers.TestCipher.testOpenSSLCipherAvailability(TestCipher.java:108) >> > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Unit Tests and OpenSSL Ciphers
On 26/06/2019 23:01, Igal Sapir wrote: > While testing Tomcat Native 1.2.23 two unit tests failed on my system: > > TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.APR.txt > TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.APR.txt > > My build.properties includes the following: > test.openssl.unimplemented=ARIA,IDEA > > Which adds any ciphers with the substring ARIA or IDEA in the name to > the unimplemented list that should be ignored [1]. > > The failure message shows that the issue is with unexpected ciphers [2], > e.g. ECDHE-ARIA128-GCM-SHA256+TLSv1.2, so the next thing I did was to > check OpenSSL's version and ciphers. The version is the same as the > build process shows in the logs, but I don't see ARIA ciphers there: > > $ openssl version > OpenSSL 1.1.1 11 Sep 2018 > $ openssl ciphers -v | grep ARIA > > Any ideas? First impressions are that the ciphers supported by the latest OpenSSL versions have changed. However, I would have expected Gump to pick up on that and it hasn't. More research required... Mark > > Thanks, > > Igal > > [1] https://github.com/apache/tomcat/commit/a9c1a0661198 > [2] Testcase: testOpenSSLCipherAvailability took 0.043 sec > FAILED > Unexpected cipher suites: ECDHE-ARIA128-GCM-SHA256+TLSv1.2 > DHE-RSA-ARIA128-GCM-SHA256+TLSv1.2 DHE-DSS-ARIA256-GCM-SHA384+TLSv1.2 > ECDHE-ECDSA-ARIA128-GCM-SHA256+TLSv1.2 ARIA256-GCM-SHA384+TLSv1.2 > ECDHE-ARIA256-GCM-SHA384+TLSv1.2 DHE-RSA-ARIA256-GCM-SHA384+TLSv1.2 > RSA-PSK-ARIA256-GCM-SHA384+TLSv1.2 > ECDHE-ECDSA-ARIA256-GCM-SHA384+TLSv1.2 ARIA128-GCM-SHA256+TLSv1.2 > RSA-PSK-ARIA128-GCM-SHA256+TLSv1.2 DHE-PSK-ARIA128-GCM-SHA256+TLSv1.2 > DHE-DSS-ARIA128-GCM-SHA256+TLSv1.2 PSK-ARIA256-GCM-SHA384+TLSv1.2 > DHE-PSK-ARIA256-GCM-SHA384+TLSv1.2 PSK-ARIA128-GCM-SHA256+TLSv1.2 > expected:<0> but was:<16> > junit.framework.AssertionFailedError: Unexpected cipher suites: > ECDHE-ARIA128-GCM-SHA256+TLSv1.2 DHE-RSA-ARIA128-GCM-SHA256+TLSv1.2 > DHE-DSS-ARIA256-GCM-SHA384+TLSv1.2 > ECDHE-ECDSA-ARIA128-GCM-SHA256+TLSv1.2 ARIA256-GCM-SHA384+TLSv1.2 > ECDHE-ARIA256-GCM-SHA384+TLSv1.2 DHE-RSA-ARIA256-GCM-SHA384+TLSv1.2 > RSA-PSK-ARIA256-GCM-SHA384+TLSv1.2 > ECDHE-ECDSA-ARIA256-GCM-SHA384+TLSv1.2 ARIA128-GCM-SHA256+TLSv1.2 > RSA-PSK-ARIA128-GCM-SHA256+TLSv1.2 DHE-PSK-ARIA128-GCM-SHA256+TLSv1.2 > DHE-DSS-ARIA128-GCM-SHA256+TLSv1.2 PSK-ARIA256-GCM-SHA384+TLSv1.2 > DHE-PSK-ARIA256-GCM-SHA384+TLSv1.2 PSK-ARIA128-GCM-SHA256+TLSv1.2 > expected:<0> but was:<16> > at > org.apache.tomcat.util.net.openssl.ciphers.TestCipher.testOpenSSLCipherAvailability(TestCipher.java:108) > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Unit Tests and OpenSSL Ciphers
While testing Tomcat Native 1.2.23 two unit tests failed on my system: TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.APR.txt TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.APR.txt My build.properties includes the following: test.openssl.unimplemented=ARIA,IDEA Which adds any ciphers with the substring ARIA or IDEA in the name to the unimplemented list that should be ignored [1]. The failure message shows that the issue is with unexpected ciphers [2], e.g. ECDHE-ARIA128-GCM-SHA256+TLSv1.2, so the next thing I did was to check OpenSSL's version and ciphers. The version is the same as the build process shows in the logs, but I don't see ARIA ciphers there: $ openssl version OpenSSL 1.1.1 11 Sep 2018 $ openssl ciphers -v | grep ARIA Any ideas? Thanks, Igal [1] https://github.com/apache/tomcat/commit/a9c1a0661198 [2] Testcase: testOpenSSLCipherAvailability took 0.043 sec FAILED Unexpected cipher suites: ECDHE-ARIA128-GCM-SHA256+TLSv1.2 DHE-RSA-ARIA128-GCM-SHA256+TLSv1.2 DHE-DSS-ARIA256-GCM-SHA384+TLSv1.2 ECDHE-ECDSA-ARIA128-GCM-SHA256+TLSv1.2 ARIA256-GCM-SHA384+TLSv1.2 ECDHE-ARIA256-GCM-SHA384+TLSv1.2 DHE-RSA-ARIA256-GCM-SHA384+TLSv1.2 RSA-PSK-ARIA256-GCM-SHA384+TLSv1.2 ECDHE-ECDSA-ARIA256-GCM-SHA384+TLSv1.2 ARIA128-GCM-SHA256+TLSv1.2 RSA-PSK-ARIA128-GCM-SHA256+TLSv1.2 DHE-PSK-ARIA128-GCM-SHA256+TLSv1.2 DHE-DSS-ARIA128-GCM-SHA256+TLSv1.2 PSK-ARIA256-GCM-SHA384+TLSv1.2 DHE-PSK-ARIA256-GCM-SHA384+TLSv1.2 PSK-ARIA128-GCM-SHA256+TLSv1.2 expected:<0> but was:<16> junit.framework.AssertionFailedError: Unexpected cipher suites: ECDHE-ARIA128-GCM-SHA256+TLSv1.2 DHE-RSA-ARIA128-GCM-SHA256+TLSv1.2 DHE-DSS-ARIA256-GCM-SHA384+TLSv1.2 ECDHE-ECDSA-ARIA128-GCM-SHA256+TLSv1.2 ARIA256-GCM-SHA384+TLSv1.2 ECDHE-ARIA256-GCM-SHA384+TLSv1.2 DHE-RSA-ARIA256-GCM-SHA384+TLSv1.2 RSA-PSK-ARIA256-GCM-SHA384+TLSv1.2 ECDHE-ECDSA-ARIA256-GCM-SHA384+TLSv1.2 ARIA128-GCM-SHA256+TLSv1.2 RSA-PSK-ARIA128-GCM-SHA256+TLSv1.2 DHE-PSK-ARIA128-GCM-SHA256+TLSv1.2 DHE-DSS-ARIA128-GCM-SHA256+TLSv1.2 PSK-ARIA256-GCM-SHA384+TLSv1.2 DHE-PSK-ARIA256-GCM-SHA384+TLSv1.2 PSK-ARIA128-GCM-SHA256+TLSv1.2 expected:<0> but was:<16> at org.apache.tomcat.util.net.openssl.ciphers.TestCipher.testOpenSSLCipherAvailability(TestCipher.java:108)