From Fedora Project Wiki
No edit summary |
No edit summary |
||
| Line 51: | Line 51: | ||
##:</pre> | ##:</pre> | ||
# Now feel free to run all https tests in the following list: | # Now feel free to run all https tests in the following list: | ||
# note, dont get scared, there is jsut about 10 https tests, and eluminate seems to be correctly broken | |||
## http://icedtea.classpath.org/wiki/IcedTea-Web-Tests | ## http://icedtea.classpath.org/wiki/IcedTea-Web-Tests | ||
## of course feel free to test any jaavws application/applet favourite of yours | ## of course feel free to test any jaavws application/applet favourite of yours | ||
Latest revision as of 12:20, 30 March 2017
Description
CryptoPolicies Java: https://bugzilla.redhat.com/show_bug.cgi?id=1249083
How to test
We will test java respects current policy
- initially you need:
- java (even with devel, to compile testcase. )
- $ sudo dnf install java-1.8.0-openjdk-devel
- if you run only icedtea-web tests, feel free to isntal only jre:
- $ sudo dnf install java-1.8.0-openjdk
- https://gitlab.com/nmav/fedora-crypto-policies
- git clone https://gitlab.com/nmav/fedora-crypto-policies
- cd fedora-crypto-policies/
- pushd ./tests/java/
- javac CipherList.java
- java (even with devel, to compile testcase. )
- then check :
- cat /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security | grep security.useSystemPropertiesFile
- if it is false, then systemsettings are not honored. If it is true, then system setings are honoured
- f26 must have it true by default
- feel free to change it to false, and experiment with all test in this testcase and monitro differences
- if something works with useSystemPropertiesFile=false, and not with useSystemPropertiesFile=true, it should be reported
- then:
- sudo update-crypto-policies --set FUTURE
- java CipherList
- should give you a different (more strict) set than the following:
- sudo update-crypto-policies --set DEFAULT
- java CipherList
- Dont forget to play with java settings
- /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security useSystemPropertiesFile=true or useSystemPropertiesFile=false
- Secondly you need:
- icedtea-web - open implementation of javaws and java plugin for browsers
- $ sudo dnf install icedtea-web
- and some stabile test browser
- $ sudo dnf install midori firefox epiphany
- icedtea-web - open implementation of javaws and java plugin for browsers
- Now feel free to run all https tests in the following list:
- note, dont get scared, there is jsut about 10 https tests, and eluminate seems to be correctly broken
- http://icedtea.classpath.org/wiki/IcedTea-Web-Tests
- of course feel free to test any jaavws application/applet favourite of yours
- for javaws follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_webstart_.28javaws.29_test_applications
- $ javaws some_url
- for plugin be sure plugin is recognized (eg close and start firefox/midori/epiphany after install). See it in about:plugins and be aware, that it requres click-and-play (yes, it is legacy technology)
- for plugin follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_plugin_test_sites:
- WARNING firefox may have ISSUES in f26 wayland (default) install midori and test with it
- $ firefox some_url
- $ midori some_url
- Dont forget to play with java settings and global settings
- /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security useSystemPropertiesFile=true or useSystemPropertiesFile=false
- and
- update-crypto-policies --set FUTURE/DEFAULT/WHATEVER
Expected Results
- https works fine
- global policy is honored if enabled/is not when disabled