On Mon, 26 Jul 2021 at 15:18, Bernd Eckenfels <e...@zusammenkunft.net> wrote:
>
> You can enable the protocols (see link below) in the java.security policy 
> file, but in the long run it’s best to mainly test supported algorithms, 
> maybe by conditionally checking it only if available, then a manually modified 
> test environment can use the compatibility tests,

I have compared the java.security files between Oracle 8 and AdoptOpenJDK 8.
The latter includes the following:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, ...

However Oracle does not list TLSv1 and TLSv1.1.
I tried dropping these two from the AdoptOpenJDK version, and that
allowed the test to complete OK.
However that is not a feasible approach in general.

I have no idea why one of the disabled algorithms is being used.
The test code appears to select TLSv1.2.
How does one choose a supported algo?

> (Btw I don’t think that Oracle behaves better, it is just not tested with the 
> commercially supported latest Oracle versions I suspect). The Crypto roadmap 
> states tls1 for example is disabled since April in Oracle 8u291.
>
> https://java.com/en/jre-jdk-cryptoroadmap.html
>
> Regards
> Bernd
>
>
> --
> http://bernd.eckenfels.net
> ________________________________
> From: Gary Gregory <garydgreg...@gmail.com>
> Sent: Monday, July 26, 2021 2:57:35 PM
> To: sebb <seb...@gmail.com>
> Cc: CommonsDev <dev@commons.apache.org>
> Subject: Re: [NET] FTPSClientTest fails on AdoptOpenJDK 8 & 11
>
> Hm, there might be some system property to set that says "use this old and
> now deprecated algorithm" or we might have to recreate any certificates
> used in tests with a current JDK 8.
>
> Gary
>
>
> On Mon, Jul 26, 2021, 08:42 sebb <seb...@gmail.com> wrote:
>
> > As the subject says: FTPSClientTest fails with
> >
> > javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol
> > is disabled or cipher suites are inappropriate)
> >
> > when run with AdoptOpenJDK 8 & 11
> > However it works fine with the Oracle version of Java 8 & 11
> >
> > @Gary Gregory : I think you wrote the code -- any idea how to fix it
> > for AdoptOpenJDK?
> >
> > Sebb
> >
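
Added example, not part of the thread and not Commons Net code: a small Java check that shows why the same test behaves differently across JDK builds and how a test could pick a protocol the running JDK has enabled. The class and method names (`TlsProtocolCheck`, `enabledProtocols`, `disabledAlgorithms`, `pickProtocol`) are hypothetical.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;

public class TlsProtocolCheck {

    /** Protocols the default TLS context enables on this JDK (disabled ones are absent). */
    static Set<String> enabledProtocols() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key managers, trust managers and RNG
        return new LinkedHashSet<>(
                Arrays.asList(ctx.getDefaultSSLParameters().getProtocols()));
    }

    /** Entries of jdk.tls.disabledAlgorithms, trimmed; empty if the property is unset. */
    static Set<String> disabledAlgorithms() {
        Set<String> out = new LinkedHashSet<>();
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (prop != null) {
            for (String entry : prop.split(",")) {
                String trimmed = entry.trim();
                if (!trimmed.isEmpty()) {
                    out.add(trimmed);
                }
            }
        }
        return out;
    }

    /** First candidate (list the preferred one first) that is enabled, or null if none is. */
    static String pickProtocol(String... candidates) throws Exception {
        Set<String> enabled = enabledProtocols();
        for (String candidate : candidates) {
            if (enabled.contains(candidate)) {
                return candidate;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("disabled     = " + disabledAlgorithms());
        System.out.println("enabled      = " + enabledProtocols());
        // A test would skip itself (rather than fail) when this prints null.
        System.out.println("chosen       = " + pickProtocol("TLSv1.3", "TLSv1.2"));
    }
}
```

Running it under each JDK build and comparing the `disabled` and `enabled` lines shows whether a `java.security` difference explains the handshake failure.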
