[jboss-jira] [JBoss JIRA] (WFCORE-4532) Investigate new JDK 13 regressions

Richard Opalka (Jira) issues at jboss.org
Wed Jun 19 11:24:00 EDT 2019 

    [ https://issues.jboss.org/browse/WFCORE-4532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13749023#comment-13749023 ] 

Richard Opalka commented on WFCORE-4532:
----------------------------------------

These three tests mentioned above are passing on Open JDK 13 ea 24.
They started to fail with latest Open JDK 13 ea 25.

I was debugging TlsTestCase failures and my observation is
there was a new feature introduced in JDK 13 ea 25:

https://bugs.openjdk.java.net/browse/JDK-8211018

This new feature causes that some SSL sessions are not propagated to
sun.security.ssl.SSLSessionContextImpl.sessionCache field.

For anybody from our security team that will have a look, 
for easy and fast investigation you will need:
 * Open JDK 13 ea 24 installed
 * Open JDK 13 ea 25 installed
Put breakpoints to methods:
 * sun.security.ssl.Finished.onProduceFinished()
 * sun.security.ssl.SSLSessionContextImpl.put(SSLSessionImpl)
 * org.wildfly.extension.elytron.SSLDefinitions (line 904) // performRuntime method of ACTIVE_SESSION_COUNT attribute handler
Execute test in debug mode:
$ cd wildfly-core/elytron
$ mvn clean test -Dtest=**/TlsTestCase#testSslServiceAuth -Dmaven.surefire.debug

My observation is that in method sun.security.ssl.Finished.onProduceFinished()
there is a new shc.statelessResumption field check that causes SSL session not to be registered into the cache.


> Investigate new JDK 13 regressions
> ----------------------------------
>
>                 Key: WFCORE-4532
>                 URL: https://issues.jboss.org/browse/WFCORE-4532
>             Project: WildFly Core
>          Issue Type: Task
>          Components: Security
>            Reporter: Richard Opalka
>            Assignee: Darran Lofthouse
>            Priority: Critical
>             Fix For: 9.0.2.Final
>
>
> Latest Open JDK 13 Early Access 25 introduced three new regressions in our test suite.
> Failing tests are: 
> wildfly-core/elytron/src/test/java/org/wildfly/extension/elytron/TlsTestCase.java
> wildfly-core/testsuite/elytron/src/test/java/org/wildfly/test/integration/elytron/sasl/mgmt/KerberosHttpMgmtSaslTestCase.java
> wildfly-core/testsuite/elytron/src/test/java/org/wildfly/test/integration/elytron/sasl/mgmt/KerberosNativeMgmtSaslTestCase.java
> Could somebody from our security team have a look what is going on [~darran] ?



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the jboss-jira mailing list