Hello,
> The test code appears to select TLSV1.2.

https://github.com/apache/commons-net/blob/fd06a81fd4ea3ace33d397935c76a4e014088fa2/src/test/java/org/apache/commons/net/ftp/FTPSClientTest.java#L103 the test code seems to limit the client to TLS1 only. Not sure why it does that, if we remove it, it should probably run with most sane JDKs.

Regards
Bernd
--
https://bernd.eckenfels.net

From: sebb <seb...@gmail.com>
Sent: Monday, 26 July 2021 16:41
To: Bernd Eckenfels <e...@zusammenkunft.net>
Cc: Commons Developers List <dev@commons.apache.org>
Subject: Re: [NET] FTPSClientTest fails on AdoptOpenJDK 8 & 11

On Mon, 26 Jul 2021 at 15:18, Bernd Eckenfels <e...@zusammenkunft.net> wrote:
>
> You can enable the protocols (see link below) in the Java.security policy file, but in the long run it’s best to mainly test supported algorithms, maybe by conditionally checking it only if available, then a manual modified test environment can use the compatibility tests,

I have compared the java.security files between Oracle 8 and AdoptOpenJDK 8.
The latter includes the following:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, ...

However Oracle does not list TLSv1 and TLSv1.1.

I tried dropping these two from the AdoptOpenJDK version, and that allowed the test to complete OK.
However that is not a feasible approach in general.

I have no idea why one of the disabled algorithms is being used.
The test code appears to select TLSV1.2.

How does one choose a supported algo?

> (Btw I don’t think that Oracle behaves better, it is just not tested with the commercially supported latest Oracle versions I suspect). The Crypto roadmap states tls1 for example is disabled since April in Oracle 8u291.
>
> https://java.com/en/jre-jdk-cryptoroadmap.html
>
> Regards
> Bernd
>
> --
> http://bernd.eckenfels.net
> ________________________________
> From: Gary Gregory <garydgreg...@gmail.com>
> Sent: Monday, July 26, 2021 2:57:35 PM
> To: sebb <seb...@gmail.com>
> Cc: CommonsDev <dev@commons.apache.org>
> Subject: Re: [NET] FTPSClientTest fails on AdoptOpenJDK 8 & 11
>
> Hm, there might be some system property to set that says "use this old and
> now deprecated algorithm" or we might have to recreate any certificates
> used in tests with a current JDK 8.
>
> Gary
>
>
> On Mon, Jul 26, 2021, 08:42 sebb <seb...@gmail.com> wrote:
>
> > As the subject says: FTPSClientTest fails with
> >
> > javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol
> > is disabled or cipher suites are inappropriate)
> >
> > when run with AdoptOpenJDK 8 & 11
> > However it works fine with the Oracle version of Java 8 & 11
> >
> > @Gary Gregory : I think you wrote the code -- any idea how to fix it
> > for AdoptOpenJDK?
> >
> > Sebb
> >
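
Added example, not part of the thread and not Commons Net code: one way to check at run time which TLS protocol versions the running JDK will negotiate, by combining the protocols the default SSLContext supports with the jdk.tls.disabledAlgorithms security property quoted above. The class name, the helper names and the candidate list are assumptions made for this illustration.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.SSLContext;

public class TlsProtocolCheck {

    /** Entries of jdk.tls.disabledAlgorithms (protocol names and other constraints), trimmed. */
    static Set<String> disabledEntries() {
        Set<String> out = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (prop != null) {
            for (String entry : prop.split(",")) {
                out.add(entry.trim());
            }
        }
        return out;
    }

    /** True if this JDK implements the protocol and the security policy does not disable it. */
    static boolean isUsable(String protocol) throws Exception {
        String[] supported = SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
        return Arrays.asList(supported).contains(protocol)
                && !disabledEntries().contains(protocol);
    }

    public static void main(String[] args) throws Exception {
        // Candidate list constructed for this example, newest first.
        String[] candidates = {"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"};
        String chosen = null;
        for (String p : candidates) {
            boolean ok = isUsable(p);
            System.out.printf("%-8s %s%n", p, ok ? "usable" : "unavailable or disabled");
            if (ok && chosen == null) {
                chosen = p;
            }
        }
        // A test pinned to a protocol reported as disabled here will fail its handshake;
        // it can be skipped on such a JDK instead of editing java.security.
        System.out.println("Newest usable protocol: " + chosen);
    }
}
```

Run on each JDK under test, the output shows directly whether TLSv1 and TLSv1.1 are disabled by that distribution's java.security file.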