Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ApacheHttpClientChannels no longer complains about Unsupported ciphersuite #415

Merged
merged 3 commits into from
Feb 24, 2020
Merged

ApacheHttpClientChannels no longer complains about Unsupported ciphersuite #415

merged 3 commits into from
Feb 24, 2020

Conversation

iamdanfox
Copy link
Contributor

Before this PR

In my witchcraft PR, I'm unable to make calls using ApacheHttpClientChannels due to:

Caused by: java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
	at sun.security.ssl.CipherSuite.valueOf(CipherSuite.java:228)
	at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:79)
	at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2491)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:414)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
	at com.palantir.dialogue.hc4.ApacheHttpClientBlockingChannel.execute(ApacheHttpClientBlockingChannel.java:76)
	at com.palantir.dialogue.blocking.BlockingChannelAdapter$BlockingChannelAdapterChannel$BlockingChannelAdapterTask.call(BlockingChannelAdapter.java:90)
	at com.palantir.dialogue.blocking.BlockingChannelAdapter$BlockingChannelAdapterChannel$BlockingChannelAdapterTask.call(BlockingChannelAdapter.java:76)
	at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:125)
	at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:69)
	at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:78)
	at com.palantir.tracing.Tracers$TracingAwareRunnable.run(Tracers.java:501)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

After this PR

==COMMIT_MSG==
ApacheHttpClientChannels no longer complains about Unsupported ciphersuite
==COMMIT_MSG==

  • not really sure why the tests in this repo didn't trip this...

Possible downsides?

@changelog-app
Copy link

changelog-app bot commented Feb 24, 2020
edited by iamdanfox
Loading

Generate changelog in changelog/@unreleased

Type

  • Feature
  • Improvement
  • Fix
  • Break
  • Deprecation
  • Manual task
  • Migration

Description

ApacheHttpClientChannels no longer complains about Unsupported ciphersuite

Check the box to generate changelog(s)

  • Generate changelog entry

@iamdanfox iamdanfox force-pushed the dfox/fix-cipher-whitelist branch from 485a6e9 to a7af40e Compare February 24, 2020 15:43
carterkozak
carterkozak approved these changes Feb 24, 2020
View reviewed changes
Copy link
Contributor

@carterkozak carterkozak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, thanks Dan!

carterkozak
carterkozak reviewed Feb 24, 2020
View reviewed changes
...ogue-apache-hc4-client/src/main/java/com/palantir/dialogue/hc4/ApacheHttpClientChannels.java Outdated
}
}

log.info(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we check !unsupported.isEmpty()?

@iamdanfox
Copy link
Contributor Author

Out of curiosity, do you know why this wasn't caught in the existing ApacheHttpClientChannelsTest extends AbstractChannelTest? that seems to be making real http requests, so I'm a little bewildered as to why it didn't flag it for us?

@carterkozak
Copy link
Contributor

I don't think this repo actually uses TLS anywhere

@bulldozer-bot bulldozer-bot bot merged commit 8557b56 into develop Feb 24, 2020
@bulldozer-bot bulldozer-bot bot deleted the dfox/fix-cipher-whitelist branch February 24, 2020 15:54
@svc-autorelease
Copy link
Collaborator

Released 0.9.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@carterkozak carterkozak carterkozak approved these changes

Assignees
No one assigned
Labels
autorelease merge when ready
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@iamdanfox @carterkozak @svc-autorelease