From e2ddfbde00b89492992b82744e2b54a3b142e30a Mon Sep 17 00:00:00 2001 From: olivier lamy Date: Sat, 9 Mar 2019 11:37:50 +1000 Subject: [PATCH] Issue #3425 upgrade conscrypt to 2.0.0 disable TLSv1.3 for jdk8 tests Signed-off-by: olivier lamy --- .../alpn/conscrypt/server/ConscryptHTTP2ServerTest.java | 6 ++++++ jetty-osgi/test-jetty-osgi/pom.xml | 1 - .../test-jetty-osgi/src/test/config/etc/jetty-http2.xml | 7 +++++++ .../jetty/osgi/test/TestJettyOSGiBootHTTP2Conscrypt.java | 6 ++++++ 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/jetty-alpn/jetty-alpn-conscrypt-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2ServerTest.java b/jetty-alpn/jetty-alpn-conscrypt-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2ServerTest.java index 69e49b187f0..06aa90b77d9 100644 --- a/jetty-alpn/jetty-alpn-conscrypt-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2ServerTest.java +++ b/jetty-alpn/jetty-alpn-conscrypt-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2ServerTest.java @@ -33,6 +33,7 @@ import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.ServerConnector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.server.handler.AbstractHandler; +import org.eclipse.jetty.util.JavaVersion; import org.eclipse.jetty.util.ssl.SslContextFactory; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; @@ -80,6 +81,11 @@ public class ConscryptHTTP2ServerTest sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"); sslContextFactory.setProvider("Conscrypt"); sslContextFactory.setEndpointIdentificationAlgorithm(null); + if (JavaVersion.VERSION.getPlatform() < 9) + { + // conscrypt enable TLSv1.3 per default but it's not supported in jdk8 + sslContextFactory.addExcludeProtocols( "TLSv1.3" ); + } return sslContextFactory; } diff --git a/jetty-osgi/test-jetty-osgi/pom.xml b/jetty-osgi/test-jetty-osgi/pom.xml index 81207cf4b7d..d43498a3c35 100644 --- a/jetty-osgi/test-jetty-osgi/pom.xml +++ b/jetty-osgi/test-jetty-osgi/pom.xml @@ -548,7 +548,6 @@ maven-surefire-plugin - **/TestJettyOSGiBootHTTP2JDK9* diff --git a/jetty-osgi/test-jetty-osgi/src/test/config/etc/jetty-http2.xml b/jetty-osgi/test-jetty-osgi/src/test/config/etc/jetty-http2.xml index 2de7f348d0a..962451ec144 100644 --- a/jetty-osgi/test-jetty-osgi/src/test/config/etc/jetty-http2.xml +++ b/jetty-osgi/test-jetty-osgi/src/test/config/etc/jetty-http2.xml @@ -21,6 +21,13 @@ true + + + + TLSv1.3 + + + diff --git a/jetty-osgi/test-jetty-osgi/src/test/java/org/eclipse/jetty/osgi/test/TestJettyOSGiBootHTTP2Conscrypt.java b/jetty-osgi/test-jetty-osgi/src/test/java/org/eclipse/jetty/osgi/test/TestJettyOSGiBootHTTP2Conscrypt.java index 333e1b6935d..92c81139a30 100644 --- a/jetty-osgi/test-jetty-osgi/src/test/java/org/eclipse/jetty/osgi/test/TestJettyOSGiBootHTTP2Conscrypt.java +++ b/jetty-osgi/test-jetty-osgi/src/test/java/org/eclipse/jetty/osgi/test/TestJettyOSGiBootHTTP2Conscrypt.java @@ -31,6 +31,7 @@ import org.eclipse.jetty.client.HttpClient; import org.eclipse.jetty.client.api.ContentResponse; import org.eclipse.jetty.http2.client.HTTP2Client; import org.eclipse.jetty.http2.client.http.HttpClientTransportOverHTTP2; +import org.eclipse.jetty.util.JavaVersion; import org.eclipse.jetty.util.ssl.SslContextFactory; import org.eclipse.jetty.util.thread.QueuedThreadPool; import org.junit.Test; @@ -145,6 +146,11 @@ public class TestJettyOSGiBootHTTP2Conscrypt sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"); sslContextFactory.setProvider("Conscrypt"); sslContextFactory.setEndpointIdentificationAlgorithm(null); + if ( JavaVersion.VERSION.getPlatform() < 9) + { + // conscrypt enable TLSv1.3 per default but it's not supported in jdk8 + sslContextFactory.addExcludeProtocols( "TLSv1.3" ); + } HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP2(http2Client), sslContextFactory); Executor executor = new QueuedThreadPool(); httpClient.setExecutor(executor);