Details
-
Task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.18.0
-
None
-
None
Description
The changes made in ARTEMIS-1264 are essentially defunct and should be unwound. The Kerberos TLS cipher suites were already not recommended for use at the time due to being weak, they had already been removed entirely from Java 11 by then, and have been disabled by default in Java 8 releases for some time now, and do not work with TLS 1.3. OpenSSL removed the equivalent support from its source even earlier in May 2015, https://mta.openssl.org/pipermail/openssl-users/2015-May/001406.html.
The related tests have already been removed as they were failing, then ignored, and essentialy couldnt run anywhere. The non-test changes are now untested and essentially defunct already, but once releases require Java 11 they will become entirely unusable.
Originally described with "CoreClientOverOneWaySSLKerb5Test#testOneWaySSLWithGoodClientCipherSuite is failing.... I set the test with an ignore .. until we investigate what we should do."
Attachments
Issue Links
- relates to
-
ARTEMIS-1264 Client authentication via Kerberos TLS Cipher Suites (RFC 2712)
- Closed
-
ARTEMIS-2813 Kerberos tests failures on Java 11
- Closed
-
ARTEMIS-3420 Target Java 11+ , i.e. drop support for Java 8
- Closed
- links to