  1. ActiveMQ Artemis
  2. ARTEMIS-3185

Various TLS tests fail on newer JDKs/environments



    • Test
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.17.0
    • 2.18.0
    • Tests
    • None


      Various broker integration tests fail after I updated to Fedora 33, seemingly on all JDK versions but certainly with 8u275 and above, with the failing tests all being TLS related. For example, AMQPConnectSaslTest, JMSSaslExternalTest, JMSSaslExternalLDAPTest failed, though there are others.

      Specifically, the related keystore for those tests looks to be keystore1.jks under tests/integration-tests/src/test/resources (though possibly other files in there and related tests could be affected or need to be updated also). The key contained uses SHA1withRSA for the signature, which keytool notes is disabled and so that is presumably the problem:

      $ keytool -keystore keystore1.jks -storepass changeit -list -v
      Signature algorithm name: SHA1withRSA (disabled)
      <keystore1> uses the SHA1withRSA signature algorithm which is considered a security risk and is disabled.

      I'm not clear how the file was generated and don't see the CA key used to sign it and which matches up to the truststore.jks file (it uses SHA256withRSA sig and so should be fine if the key were updated in isolation). If someone who knows the process used could update the key that would be great.

      A suggestion I would make is to create a script that creates the files, both so it can be seen later what was done, and more easily repeated and/or updated when needed. For example, we do this with the Qpid JMS tests resources, which I adapted for creating the 'broker-connections' TLS example resources when I was updating that.
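
A sketch of the kind of regeneration script suggested above, added here as an example; it is not the Artemis or Qpid JMS script. The file names, aliases and DNs are constructed, and it builds a SHA256withRSA CA, a CA-signed server keystore and a truststore, then checks each store for signature algorithms keytool reports as disabled or weak.

```shell
#!/bin/sh
# Added example; file names, aliases and DNs are constructed for illustration.
PASS=changeit          # store password used in the keytool command on this page
SIGALG=SHA256withRSA
DAYS=3650

# keytool wrapper: every call uses the same store type and password.
ks() { keytool "$@" -storetype PKCS12 -storepass "$PASS"; }

# Build a CA, a CA-signed server keystore and a truststore in directory $1.
generate_stores() {
  dir=$1
  # 1. Self-signed CA; bc:c=ca:true marks the certificate as a CA.
  ks -genkeypair -alias ca -keyalg RSA -keysize 2048 -sigalg "$SIGALG" \
    -validity "$DAYS" -dname "CN=Example Test CA" -ext bc:c=ca:true \
    -keystore "$dir/ca.p12" &&
  ks -exportcert -alias ca -rfc -file "$dir/ca.crt" -keystore "$dir/ca.p12" &&
  # 2. Server key pair, then a CSR signed by the CA.
  ks -genkeypair -alias server -keyalg RSA -keysize 2048 -sigalg "$SIGALG" \
    -validity "$DAYS" -dname "CN=localhost" -keystore "$dir/server.p12" &&
  ks -certreq -alias server -file "$dir/server.csr" -keystore "$dir/server.p12" &&
  ks -gencert -alias ca -sigalg "$SIGALG" -validity "$DAYS" -rfc \
    -ext san=dns:localhost -infile "$dir/server.csr" -outfile "$dir/server.crt" \
    -keystore "$dir/ca.p12" &&
  # 3. Import the CA cert, then the signed reply, so the chain is stored.
  ks -importcert -noprompt -alias ca -file "$dir/ca.crt" -keystore "$dir/server.p12" &&
  ks -importcert -noprompt -alias server -file "$dir/server.crt" \
    -keystore "$dir/server.p12" &&
  # 4. Truststore holding only the CA certificate.
  ks -importcert -noprompt -alias ca -file "$dir/ca.crt" -keystore "$dir/truststore.p12"
}

# Read `keytool -list -v` output on stdin; print signature-algorithm lines that
# use SHA1/MD5/MD2 or that keytool tags (disabled)/(weak). Returns 1 if any found.
weak_sigalgs() {
  ! grep -iE 'Signature algorithm name: *((SHA1|MD5|MD2)with|.*\((disabled|weak)\))'
}

# Run as: sh gen-stores.sh generate [output-dir]
if [ "${1:-}" = generate ]; then
  out=${2:-./tls-test-stores}
  mkdir -p "$out" && generate_stores "$out" || exit 1
  for f in ca server truststore; do
    ks -list -v -keystore "$out/$f.p12" | weak_sigalgs || exit 1
  done
fi
```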





              brusdev Domenico Francesco Bruscino
              robbie Robbie Gemmell