openam-jp / opendj-sdk

Issue #2 ConnectionFactoryTestCase fails #3

Closed tsujiguchitky closed 5 years ago

tsujiguchitky commented 5 years ago

Analysis

The LDAP server (org.forgerock.opendj.ldap.LDAPServer) used by the OpenDJ SDK for testing cannot present a certificate when the LDAP client connects with SSL. This is because the LDAP server has not set a KeyManager. Until now, since the test class used anonymous cipher suites when connecting with SSL, there was no problem.

Anonymous cipher suites have been disabled by default since JDK 8u201. As a result, unit tests have failed.

Solution

Do not use anonymous ciphers in test classes. Also, the test LDAP server needs to set a KeyManager and present a certificate when the client connects with SSL.

I also considered generating a certificate in memory, but that method required using an internal API such as X500Name or CertAndKeyGen, so I changed it to prepare a keystore file instead.

Testing

$ mvn test -f opendj-sdk
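
An added illustration of the approach described in the comment above (it is not the code from this pull request): a server-side SSLContext built from a keystore file using only public JSSE APIs, plus a check of whether any anonymous cipher suites remain enabled. The class name, the keystore file name `test-keystore.p12`, and the password `changeit` are placeholders chosen for this example.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Assumed setup (placeholder names), run once before the example:
//   keytool -genkeypair -alias test -keyalg RSA -dname "CN=localhost" \
//     -validity 365 -storetype PKCS12 -keystore test-keystore.p12 -storepass changeit
public class TestServerTls {

    // Loads the keystore and returns a context whose KeyManager can present
    // the stored certificate during the TLS handshake.
    static SSLContext serverContext(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);

        SSLContext ctx = SSLContext.getInstance("TLS");
        // Only key managers are supplied; trust managers and randomness use JDK defaults.
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Counts unauthenticated suites such as TLS_DH_anon_* and TLS_ECDH_anon_*.
    static long countAnonymous(String[] suites) {
        return Arrays.stream(suites).filter(s -> s.contains("_anon_")).count();
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = serverContext("test-keystore.p12", "changeit".toCharArray());
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false); // act as the server side of the handshake

        // With anonymous suites disabled by default (JDK 8u201 and later, per the
        // analysis above), a test that relies on them has nothing left to negotiate.
        System.out.println("enabled anonymous suites: "
                + countAnonymous(engine.getEnabledCipherSuites()));
    }
}
```
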
tsujiguchitky commented 5 years ago

2