The test still fails on Java 16. See my latest commit which does not fix it but at least creates current keystores for Java 8 and 16 using the current keystore format instead of the old deprecated JKS format .
Gary On Mon, Jul 26, 2021, 19:18 sebb <seb...@gmail.com> wrote: > On Mon, 26 Jul 2021 at 17:43, Bernd <e...@zusammenkunft.net> wrote: > > > > Hello, > > > > > > > The test code appears to select TLSV1.2. > > > > > > > https://github.com/apache/commons-net/blob/fd06a81fd4ea3ace33d397935c76a4e014088fa2/src/test/java/org/apache/commons/net/ftp/FTPSClientTest.java#L103 > > > > > > the test code seems to limit the client to TLS1 only. Not sure why it > does > > that, if we remove it, it should probably run with most sane JDKs. > > > > Well spotted. That appears to have been the problem. > > > > > Gruss > > > > Bernd > > > > -- > > > > https://bernd.eckenfels.net > > > > > > > > *Von: *sebb <seb...@gmail.com> > > *Gesendet: *Montag, 26. Juli 2021 16:41 > > *An: *Bernd Eckenfels <e...@zusammenkunft.net> > > *Cc: *Commons Developers List <dev@commons.apache.org> > > *Betreff: *Re: [NET] FTPSClientTest fails on AdoptOpenJDK 8 & 11 > > > > > > > > On Mon, 26 Jul 2021 at 15:18, Bernd Eckenfels <e...@zusammenkunft.net> > > wrote: > > > > > > > > > > You can enable the protocols (see link below) in the Java.security > policy > > file, but in the long run it’s best to mainly test supported algorithms, > > maybe by conditionally checking it only if available, then a manual > > modified test environment can use the compatibility tests, > > > > > > > > I have comparde the java.security files between Oracle 8 and > AdoptOpenJDK 8. > > > > The latter includes the following: > > > > > > > > jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, ... > > > > > > > > However Oracle does not list TLSv1 and TLSv1.1. > > > > I tried dropping these two from the AdoptOpenJDK version, and that > > > > allowed the test to complete OK. > > > > However that is not a feasible approach in general. > > > > > > > > I have no idea why one of the disabled algorithms is being used. > > > > The test code appears to select TLSV1.2. > > > > How does one choose a supported algo? > > > > > > > > > (Btw I don’t think that Oracle behaves better, it is just not tested > with > > the commercially supported latest Oracle versions I suspect). The Crypto > > roadmap states tls1 for example is disabled since April in Oracle 8u291. > > > > > > > > > > https://java.com/en/jre-jdk-cryptoroadmap.html > > > > > > > > > > Gruss > > > > > Bernd > > > > > > > > > > > > > > > -- > > > > > http://bernd.eckenfels.net > > > > > ________________________________ > > > > > Von: Gary Gregory <garydgreg...@gmail.com> > > > > > Gesendet: Monday, July 26, 2021 2:57:35 PM > > > > > An: sebb <seb...@gmail.com> > > > > > Cc: CommonsDev <dev@commons.apache.org> > > > > > Betreff: Re: [NET] FTPSClientTest fails on AdoptOpenJDK 8 & 11 > > > > > > > > > > Hm, there might be some system property to set that says "use this old > and > > > > > now deprecated algorithm" or we might have to recreate any certificates > > > > > used in tests with a current JDK 8. > > > > > > > > > > Gary > > > > > > > > > > > > > > > On Mon, Jul 26, 2021, 08:42 sebb <seb...@gmail.com> wrote: > > > > > > > > > > > As the subject says: FTPSClientTest fails with > > > > > > > > > > > > javax.net.ssl.SSLHandshakeException: No appropriate protocol > (protocol > > > > > > is disabled or cipher suites are inappropriate) > > > > > > > > > > > > when run with AdoptOpenJDK 8 & 11 > > > > > > However it works fine with the Oracle version of Java 8 & 11 > > > > > > > > > > > > @Gary Gregory : I think you wrote the code -- any idea how to fix it > > > > > > for AdoptOpenJDK? > > > > > > > > > > > > Sebb > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
