From Fedora Project Wiki
No edit summary |
No edit summary |
||
| Line 29: | Line 29: | ||
# then: | # then: | ||
#:<pre> | #:<pre> | ||
#:: update-crypto-policies --set FUTURE | #:: sudo update-crypto-policies --set FUTURE | ||
#:: java CipherList | #:: java CipherList | ||
#:</pre> | #:</pre> | ||
# should give you a different (more strict) set than the following: | # should give you a different (more strict) set than the following: | ||
#:<pre> | #:<pre> | ||
#:: update-crypto-policies --set DEFAULT | #:: sudo update-crypto-policies --set DEFAULT | ||
#:: java CipherList | #:: java CipherList | ||
#:</pre> | #:</pre> | ||
Revision as of 11:54, 30 March 2017
Description
CryptoPolicies Java: https://bugzilla.redhat.com/show_bug.cgi?id=1249083
How to test
We will test java respects current policy
- initially you need:
- java (even with devel, to compile testcase. )
- $ sudo dnf install java-1.8.0-openjdk-devel
- if you run only icedtea-web tests, feel free to isntal only jre:
- $ sudo dnf install java-1.8.0-openjdk
- https://gitlab.com/nmav/fedora-crypto-policies
- git clone https://gitlab.com/nmav/fedora-crypto-policies
- cd fedora-crypto-policies/
- pushd ./tests/java/
- javac CipherList.java
- java (even with devel, to compile testcase. )
- then check :
- cat /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security | grep security.useSystemPropertiesFile
- if it is false, then systemsettings are not honored. If it is true, then system setings are honoured
- f26 must have it true by default
- feel free to change it to false, and experiment with all test in this testcase and monitro differences
- if something works with useSystemPropertiesFile=false, and not with useSystemPropertiesFile=true, it should be reported
- then:
- sudo update-crypto-policies --set FUTURE
- java CipherList
- should give you a different (more strict) set than the following:
- sudo update-crypto-policies --set DEFAULT
- java CipherList
- Dont forget to play with java settings
- /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security useSystemPropertiesFile=true or useSystemPropertiesFile=false
- Secondly you need:
- icedtea-web - open implementation of javaws and java plugin for browsers
- $ sudo dnf install icedtea-web
- icedtea-web - open implementation of javaws and java plugin for browsers
- Now feel free to run all https tests in the following list:
- http://icedtea.classpath.org/wiki/IcedTea-Web-Tests
- for javaws follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_webstart_.28javaws.29_test_applications
- $ javaws some_url
- for plugin be sure plugin is recognized (eg close and start firefox after install). See it in about:plugins and be aware, that it requres click-and-play (yes, it is legacy technology)
- for plugin follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_plugin_test_sites:
- $ firefox some_url
- Dont forget to play with java settings and global settings
- /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security useSystemPropertiesFile=true or useSystemPropertiesFile=false
- and
- update-crypto-policies --set FUTURE/DEFAULT/WHATEVER
Expected Results
- https works fine
- global policy is honored if enabled/is not when disabled