[jboss-jira] [JBoss JIRA] (WFCORE-4532) Investigate new JDK 13 regressions

Richard Opalka (Jira) issues at jboss.org
Wed Jun 19 11:25:00 EDT 2019


    [ https://issues.jboss.org/browse/WFCORE-4532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13749023#comment-13749023 ] 

Richard Opalka edited comment on WFCORE-4532 at 6/19/19 11:24 AM:
------------------------------------------------------------------

The three tests mentioned above pass on Open JDK 13 ea 24.
They started to fail with the latest Open JDK 13 ea 25.

I was debugging TlsTestCase failures and my observation is
that a new feature was introduced in JDK 13 ea 25:

https://bugs.openjdk.java.net/browse/JDK-8211018

This new feature causes some SSL sessions not to be propagated to the
sun.security.ssl.SSLSessionContextImpl.sessionCache field.

For anybody from our security team that will have a look, 
for easy and fast investigation you will need:
 * Open JDK 13 ea 24 installed
 * Open JDK 13 ea 25 installed

Put breakpoints on these methods:
 * sun.security.ssl.Finished.onProduceFinished()
 * sun.security.ssl.SSLSessionContextImpl.put(SSLSessionImpl)
 * org.wildfly.extension.elytron.SSLDefinitions (line 904) // performRuntime method of ACTIVE_SESSION_COUNT attribute handler

Execute the test in debug mode:
$ cd wildfly-core/elytron
$ mvn clean test -Dtest=**/TlsTestCase#testSslServiceAuth -Dmaven.surefire.debug

My observation is that in the method sun.security.ssl.Finished.onProduceFinished()
there is a new shc.statelessResumption field check that causes the SSL session not to be registered in the cache.



> Investigate new JDK 13 regressions
> ----------------------------------
>
>                 Key: WFCORE-4532
>                 URL: https://issues.jboss.org/browse/WFCORE-4532
>             Project: WildFly Core
>          Issue Type: Task
>          Components: Security
>            Reporter: Richard Opalka
>            Assignee: Darran Lofthouse
>            Priority: Critical
>             Fix For: 9.0.2.Final
>
>
> Latest Open JDK 13 Early Access 25 introduced three new regressions in our test suite.
> Failing tests are: 
> wildfly-core/elytron/src/test/java/org/wildfly/extension/elytron/TlsTestCase.java
> wildfly-core/testsuite/elytron/src/test/java/org/wildfly/test/integration/elytron/sasl/mgmt/KerberosHttpMgmtSaslTestCase.java
> wildfly-core/testsuite/elytron/src/test/java/org/wildfly/test/integration/elytron/sasl/mgmt/KerberosNativeMgmtSaslTestCase.java
> Could somebody from our security team have a look at what is going on [~darran]?


