[ARTEMIS-3038] unwind defunct changes from ARTEMIS-1264 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.18.0
Fix Version/s: 2.19.0
Component/s: None
Labels:
None

Description

The changes made in ~~ARTEMIS-1264~~ are essentially defunct and should be unwound. The Kerberos TLS cipher suites were already not recommended for use at the time due to being weak, they had already been removed entirely from Java 11 by then, and have been disabled by default in Java 8 releases for some time now, and do not work with TLS 1.3. OpenSSL removed the equivalent support from its source even earlier in May 2015, https://mta.openssl.org/pipermail/openssl-users/2015-May/001406.html.

The related tests have already been removed as they were failing, then ignored, and essentialy couldnt run anywhere. The non-test changes are now untested and essentially defunct already, but once releases require Java 11 they will become entirely unusable.

Originally described with "CoreClientOverOneWaySSLKerb5Test#testOneWaySSLWithGoodClientCipherSuite is failing.... I set the test with an ignore .. until we investigate what we should do."

Attachments

Issue Links

relates to

ARTEMIS-1264 Client authentication via Kerberos TLS Cipher Suites (RFC 2712)

Closed

ARTEMIS-2813 Kerberos tests failures on Java 11

Closed

ARTEMIS-3420 Target Java 11+ , i.e. drop support for Java 8

Closed

links to

GitHub Pull Request #3785

Activity

People

Assignee:: Robbie Gemmell

Reporter:: Clebert Suconic

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 17/Dec/20 18:02

Updated:: 07/Oct/21 23:39

Resolved:: 07/Oct/21 09:55

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 50m