openJcePlusTests_0 TestTLS.testTLS:91->BaseTestTLS.runServerClient:55 SSLHandshake No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

[JasonFengJ9]

Failure link

From internal Test_openjdk24_j9_extended.functional_ppc64_aix_fips140_3_openjceplusfips (p10aix133)

openjdk version "24-beta" 2025-03-18
IBM Semeru Runtime Open Edition 24+36-202503020736 (build 24-beta+36-202503020736)
Eclipse OpenJ9 VM 24+36-202503020736 (build master-abf8fa738c, JRE 24 AIX ppc64-64-Bit Compressed References 20250302_5 (JIT enabled, AOT enabled)
OpenJ9   - abf8fa738c
OMR      - c920ac328
JCL      - 47881f0f0 based on jdk-24+36)

Rerun in Grinder - Change TARGET to run only the failed test targets

Optional info

Failure output (captured from console output)

[2025-03-02T09:09:13.891Z] variation: NoOptions
[2025-03-02T09:09:13.891Z] JVM_OPTIONS:   -Dsemeru.fips=true -Dsemeru.customprofile=OpenJCEPlusFIPS

[2025-03-02T09:59:44.156Z] [INFO] Results:
[2025-03-02T09:59:44.156Z] [INFO] 
[2025-03-02T09:59:44.156Z] [ERROR] Errors: 
[2025-03-02T09:59:44.156Z] [ERROR]   TestTLS.testTLS:91->BaseTestTLS.runServerClient:55 � SSLHandshake No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
[2025-03-02T09:59:44.156Z] [ERROR]   TestTLS.testTLS:91->BaseTestTLS.runServerClient:55 � SSLHandshake No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
[2025-03-02T09:59:44.156Z] [ERROR]   TestTLS.testTLS:91->BaseTestTLS.runServerClient:55 � SSLHandshake No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
[2025-03-02T09:59:44.156Z] [ERROR]   TestTLS.testTLS:91->BaseTestTLS.runServerClient:55 � SSLHandshake No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
[2025-03-02T09:59:44.156Z] [ERROR]   TestTLS.testTLS:91->BaseTestTLS.runServerClient:55 � SSLHandshake No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
[2025-03-02T09:59:44.156Z] [ERROR]   TestTLS.testTLS:91->BaseTestTLS.runServerClient:55 � SSLHandshake No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
[2025-03-02T09:59:44.156Z] [ERROR]   TestTLS.testTLS:91->BaseTestTLS.runServerClient:55 � SSLHandshake No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
[2025-03-02T09:59:44.156Z] [ERROR]   TestTLS.testTLS:91->BaseTestTLS.runServerClient:55 � SSLHandshake No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
[2025-03-02T09:59:44.156Z] [ERROR]   TestTLS.testTLS:91->BaseTestTLS.runServerClient:55 � SSLHandshake No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
[2025-03-02T09:59:44.156Z] [ERROR]   TestTLS.testTLS:91->BaseTestTLS.runServerClient:55 � SSLHandshake No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
[2025-03-02T09:59:44.156Z] [ERROR]   TestTLS.testTLS:91->BaseTestTLS.runServerClient:55 � SSLHandshake No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
[2025-03-02T09:59:44.156Z] [ERROR]   TestTLS.testTLS:91->BaseTestTLS.runServerClient:55 � SSLHandshake No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
[2025-03-02T09:59:44.156Z] [INFO] 
[2025-03-02T09:59:44.156Z] [ERROR] Tests run: 2502, Failures: 0, Errors: 12, Skipped: 0

[2025-03-02T09:59:44.156Z] [ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:3.3.0:test (default-cli) on project OpenJCEPlus: 
[2025-03-02T09:59:44.156Z] [ERROR] 
[2025-03-02T09:59:44.156Z] [ERROR] Please refer to /home/jenkins/workspace/Test_openjdk24_j9_extended.functional_ppc64_aix_fips140_3_openjceplusfips/aqa-tests/TKG/../TKG/output_17409065528143/openJcePlusTests_0/target/surefire-reports for the individual test results.

[2025-03-02T09:59:44.157Z] openJcePlusTests_0_FAILED

FYI @jasonkatonica

[jasonkatonica]

These tests appear to be now honoring the flags -Dsemeru.fips=true -Dsemeru.customprofile=OpenJCEPlusFIPS on Java 24 which is not expected. We expect that the tests should be run in non fips mode. An adjustment to the test infrastructure is planned. It is unknown at this time why tests running on other releases do not honor the fips flags being set.

[jasonkatonica]

Looking closer I believe the root cause is that Java 24 disabled all TLS_RSA_* ciphers through this commit. I plan on adjusting the test to remove these ciphers in the Java 24 branch of OpenJCEPlus.

[jasonkatonica]

Update associated with OpenJCEPlus:

main branch: IBM/OpenJCEPlus#502 => merged
java24 branch: IBM/OpenJCEPlus#503 => merged

[jasonkatonica]

An update was also made to execute the OpenJCEPlus function tests without specifying the Semeru fips specific properties. At this time we dont believe that the properties being set, such as -Dsemeru.fips=true -Dsemeru.customprofile=OpenJCEPlusFIPS, are really being honored by the mvn based tests. This is however confusing for testers. Instead these tests will become part of the regular extended.functional tests. The update was made with:

adoptium/aqa-tests#6010 => merged

[jasonkatonica]

This issue should be resolved as per above.