New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Test that newly-added Java 8 ALPN works #6997
Comments
hi @ejona86, I've done a quick test and can reproduce a few test errors as soon as I use JDK8u252 (AdopOpenJDK). Steps to reproduce
The following tests fail: (copy/pasting from the report)
|
Netty released a fix in I've tried bumping the dependency in the build definition to
|
Make sure you also check to see if netty_tcnative in the |
|
Today I grabbed latest libraries-bom v9.0.0 to see if gRPC pubSub is working yet on JDK8 without a tcnative.so It uses grpc-netty-shaded 1.31.1, I just want to update, that I am using IBM Z/OS, which only has JDK8 and no libtcnative.so. The ALPN support from JDK9 was initially back ported by IBM into JDK 1.8.0_241 / JRE build 8.0.5.15 The ALPN support above, was then replaced with the Oracle JDK9 code in JDK 1.8.0_251 /JRE build 8.0.6.11 Can you please let us know when you expect to have a version of the above with the newer io.netty/ modules ? |
I see we have an upgrade to gRPC jars for v1.32.1, so io.grpc.netty.shaded should now use newer Netty (that should support ALPN on newer versions of JDK8). What should the log look like, when gRPC detects the JDK8 back ported ALPN ? |
@kiwi1969, only SunJSSE and Conscrypt is supported with the Java 9 ALPN API. Supporting IBM's security provider would be a separate issue. |
Oh, I see. You guys explicitly request "SunJSSE" in the code. I see someone has already done this work - any idea why this pull to support IBMJSEE2 wasn't implemented ? #5374 |
OK, I testing my own change to support IBMJSEE2, which is very similar to #5374 but superior coding. I did have to specify the IBM specific JVM parm below, else we get TLSv1 issue with code trying to use blocked ciphers I created Pull request #7422 **I guess this shows that the Java8 ALPN works (at least on Z/OS) - Do you want to close this issue ? ** Note that as many Z/OS users would have hardware such as ZIIP processor card and Crypto Accelerator cards, the Java encryption workloads may be offloaded, and actually run faster than on other systems. |
In https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8230977 Java 8 received a backport of the Java 9 ALPN API. It appears to be available starting in 8u251 or u252. Support was added to Netty in netty/netty#10196 and released in 4.1.49.
Since we do some of our own detection, we should make sure it works with these more recent Java 8 versions. Even though Java 8 has very poor AES GCM performance, if it is an additional option it can help users on nicher platforms why may not need high throughput. We will also need to update SECURITY.md.
It may make sense to split out a separate issue for OkHttp.
The text was updated successfully, but these errors were encountered: