[jboss-jira] [JBoss JIRA] (WFLY-10945) JDK11 ws testsuite SSL failures

[Jan Blizňák (Jira)]

    [ https://issues.jboss.org/browse/WFLY-10945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13644686#comment-13644686 ] 

Jan Blizňák commented on WFLY-10945:
------------------------------------

JBWS is not registering BC as a global security provider but it is using dynamic loading mechanism via special interceptors which load the BC provider to exchange of the message being processed to use if needed, check
https://github.com/jbossws/jbossws-cxf/blob/jbossws-cxf-5.2.3.Final/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/SecurityProviderConfig.java

Anyway these tests should not require BC to run, however, given the mechanism above, BC might be involved. So I tried to explicitly disable BC loading by -Dorg.jboss.ws.cxf.noLocalBC=true added to both client and server side, the result is the same as before - without the {{System.setProperty("https.protocols", "TLSv1.1");}} workaround the tests are failing.

> JDK11 ws testsuite SSL failures
> -------------------------------
>
>                 Key: WFLY-10945
>                 URL: https://issues.jboss.org/browse/WFLY-10945
>             Project: WildFly
>          Issue Type: Sub-task
>          Components: Test Suite
>    Affects Versions: 14.0.0.Beta2
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>            Priority: Blocker
>             Fix For: 15.0.0.Alpha1
>
>
> ws testsuite failures on JDK-11:
> * missing local IP in SubjectAlternativeNamesExtension
> * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + TLS1.2 seems buggy on JDK-11: Invalid ECDH ServerKeyExchange signature
>  * not issue after switching to TLS1.1 or to ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 -> JDK bug



--
This message was sent by Atlassian Jira
(v7.12.1#712002)