You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
07:25:27 Warning:
07:25:27 <server-dsa> uses a 1024-bit DSA key which is considered a security risk. This key size will be disabled in a future update.
07:25:27 Certificate was added to keystore
07:25:27 stderr: Usage: tstclnt -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]
07:25:27 stderr: [-D | -d certdir] [-C] [-b | -R root-module]
07:25:27 stderr: [-n nickname] [-Bafosvx] [-c ciphers] [-Y] [-Z]
07:25:27 stderr: [-V [min-version]:[max-version]] [-K] [-T] [-U]
07:25:27 stderr: [-r N] [-w passwd] [-W pwfile] [-q [-t seconds]] [-I groups]
07:25:27 stderr: [-A requestfile] [-L totalconnections]-a name Send different SNI name. 1st_hs_name - at first
07:25:27 stderr: handshake, 2nd_hs_name - at second handshake.
07:25:27 stderr: Default is host from the -h argument.
07:25:27 stderr: -h host Hostname to connect with
07:25:27 stderr: -p port Port number for SSL server
07:25:27 stderr: -d certdir Directory with cert database (default is ~/.netscape)
07:25:27 stderr: -D Run without a cert database
07:25:27 stderr: -b Load the default "builtins" root CA module
07:25:27 stderr: -R Load the given root CA module
07:25:27 stderr: -C Print certificate chain information
07:25:27 stderr: (use -C twice to print more certificate details)
07:25:27 stderr: (use -C three times to include PEM format certificate dumps)
07:25:27 stderr: -n nickname Nickname of key and cert for client auth
07:25:27 stderr: -V [min]:[max] Restricts the set of enabled SSL/TLS protocols versions.
07:25:27 stderr: All versions are enabled by default.
07:25:27 stderr: Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2 tls1.3
07:25:27 stderr: Example: "-V ssl3:" enables SSL 3 and newer.
07:25:27 stderr: -K Send TLS_FALLBACK_SCSV
07:25:27 stderr: -S Prints only payload data. Skips HTTP header.
07:25:27 stderr: -f Client speaks first.
07:25:27 stderr: -O Use synchronous certificate validation
07:25:27 stderr: -o Override bad server cert. Make it OK.
07:25:27 stderr: -s Disable SSL socket locking.
07:25:27 stderr: -v Verbose progress reporting.
07:25:27 stderr: -q Ping the server and then exit.
07:25:27 stderr: -t seconds Timeout for server ping (default: no timeout).
07:25:27 stderr: -r N Renegotiate N times (resuming session if N>1).
07:25:27 stderr: -u Enable the session ticket extension.
07:25:27 stderr: -z Enable compression.
07:25:27 stderr: -g Enable false start.
07:25:27 stderr: -T Enable the cert_status extension (OCSP stapling).
07:25:27 stderr: -U Enable the signed_certificate_timestamp extension.
07:25:27 stderr: -F Require fresh revocation info from side channel.
07:25:27 stderr: -F once means: require for server cert only
07:25:27 stderr: -F twice means: require for intermediates, too
07:25:27 stderr: (Connect, handshake with server, disable dynamic download
07:25:27 stderr: of OCSP/CRL, verify cert using CERT_PKIXVerifyCert.)
07:25:27 stderr: Exit code:
07:25:27 stderr: 0: have fresh and valid revocation data, status good
07:25:27 stderr: 1: cert failed to verify, prior to revocation checking
07:25:27 stderr: 2: missing, old or invalid revocation data
07:25:27 stderr: 3: have fresh and valid revocation data, status revoked
07:25:27 stderr: -M Test -F allows 0=any (default), 1=only OCSP, 2=only CRL
07:25:27 stderr: -c ciphers Restrict ciphers
07:25:27 stderr: -Y Print cipher values allowed for parameter -c and exit
07:25:27 stderr: -4 Enforce using an IPv4 destination address
07:25:27 stderr: -6 Enforce using an IPv6 destination address
07:25:27 stderr: (Options -4 and -6 cannot be combined.)
07:25:27 stderr: -G Enable the extended master secret extension [RFC7627]
07:25:27 stderr: -H Require the use of FFDHE supported groups [I-D.ietf-tls-negotiated-ff-dhe]
07:25:27 stderr: -A Read from a file instead of stdin
07:25:27 stderr: -Z Allow 0-RTT data (TLS 1.3 only)
07:25:27 stderr: -L Disconnect and reconnect up to N times total
07:25:27 stderr: -I Comma separated list of enabled groups for TLS key exchange.
07:25:27 stderr: The following values are valid:
07:25:27 stderr: P256, P384, P521, x25519, FF2048, FF3072, FF4096, FF6144, FF8192
07:25:27 Jan 07, 2024 12:25:24 PM SSLSocketTester testConfiguration
07:25:27 SEVERE: null
07:25:27 java.lang.RuntimeException: Program exit value not zero: 1
07:25:27 at ExternalClient.test(ExternalClient.java:267)
07:25:27 at SSLSocketTester.testConfiguration(SSLSocketTester.java:392)
07:25:27 at SSLSocketTester.testConfigurations(SSLSocketTester.java:322)
07:25:27 at SSLSocketTester.testProvider(SSLSocketTester.java:234)
07:25:27 at SSLSocketTester.testProviders(SSLSocketTester.java:190)
07:25:27 at Main.main(Main.java:30)
Seems like tstclnt on some systems does not support -Q option used by ssl-tests. -Q Exit after handshake
I'll take a look how/where this can be fixed in ssl-test.
ssl-tests-nss-client.sh fails on test-ibmcloud-ubuntu1604-x64-1
Run in Grinder/8445 on test-docker-centos8-x64-1 to see if it still passes there (last ran on Dec 31st on that machine and passes).
Test Info
Test Name: ssl-tests_0
Test Duration: 5 min 39 sec
Machine: test-ibmcloud-ubuntu1604-x64-1
TRSS link for the test output: https://trss.adoptium.net/output/test?id=659b041720748f006f222d5d
Build Info
Build Name: Test_openjdk17_hs_dev.functional_x86-64_linux
Jenkins Build start time: Jan 07 2024, 07:17 am
Jenkins Build URL: https://ci.adoptium.net/job/Test_openjdk17_hs_dev.functional_x86-64_linux/5/
TRSS link for the build: https://trss.adoptium.net/allTestsInfo?buildId=659b02eb20748f006f22283c
Java Version
openjdk version "17.0.10-beta" 2024-01-16
OpenJDK Runtime Environment Temurin-17.0.10+6-202401071206 (build 17.0.10-beta+6-202401071206)
OpenJDK 64-Bit Server VM Temurin-17.0.10+6-202401071206 (build 17.0.10-beta+6-202401071206, mixed mode, sharing)
Rerun in Grinder
The text was updated successfully, but these errors were encountered: