openam-jp / opendj-sdk


ConnectionFactoryTestCase fails if TLSv1.0 is disabled #8

Open tsujiguchitky opened 4 years ago

tsujiguchitky commented 4 years ago

Description

When running the OpenDJ SDK build on CentOS 8, the following unit tests fail.

In CentOS 8, TLSv1.0 is disabled by the system-wide cryptographic policy. The OpenDJ SDK does not seem to work well because it specifies TLSv1.0 as the protocol for the SSL context.

Steps to reproduce

$ mvn test -f opendj-grizzly

Environment

Build Log

-------------------------------------------------------
 T E S T S
-------------------------------------------------------
Running TestSuite
Configuring TestNG with: TestNG652Configurator

Test environment:

  Java version: 11.0.5
  Java vendor:  Oracle Corporation
  JVM name:     OpenJDK 64-Bit Server VM
  JVM version:  11.0.5+10-LTS
  JVM vendor:   Oracle Corporation
  JVM info:     mixed mode, sharing
  Java home:    /usr/lib/jvm/java-11-openjdk-11.0.5.10-2.el8_1.x86_64
  OS:           Linux 3.10.0-1062.9.1.el7.x86_64 amd64
  Processors:   8
  Max memory:   8384413696
  Total memory: 528482304

How to read the progressive status info:

  Test duration status: {Total min:sec.  Since last status sec.}
  Test count status:  {# test classes  # test methods  # test method invocations  # test failures}.
  TestClass (the class that just completed)

{ 0:00 (  1s)}  {  0c    0m     0i 0f}  : starting
{ 0:02 (  1s)}  {  1c    8m     8i 0f}  : GrizzlyLDAPConnectionFactoryTestCase 
{ 0:02 (  0s)}  {  2c   16m    16i 0f}  : GrizzlyLDAPListenerTestCase 
{ 0:02 (  0s)}  {  3c   61m   686i 0f}  : ASN1BufferReaderTestCase 
{ 0:02 (  0s)}  {  4c   78m   928i 0f}  : ASN1BufferWriterTestCase 
{ 0:02 (  0s)}  {  5c   80m   930i 0f}  : GrizzlyLDAPConnectionTestCase 
{ 0:02 (  0s)}  {  6c   81m   953i 0f}  : GrizzlyLDAPReaderWriterTestCase 
{ 0:02 (  0s)}  {  7c   86m   958i 0f}  : GrizzlyUtilsTestCase 

                 T E S T   F A I L U R E ! ! !

Failed Test:  org.forgerock.opendj.grizzly.ConnectionFactoryTestCase#testBlockingPromiseNoHandler
Failure Cause:  java.util.concurrent.ExecutionException: org.forgerock.opendj.ldap.ConnectionException: Server Connection Closed: Heartbeat failed
    org.forgerock.util.promise.PromiseImpl.get0(PromiseImpl.java:577)
    org.forgerock.util.promise.PromiseImpl.get(PromiseImpl.java:132)
    org.forgerock.opendj.grizzly.ConnectionFactoryTestCase.testBlockingPromiseNoHandler(ConnectionFactoryTestCase.java:264)
parameter[0]: LDAPConnectionFactory(provider=`Grizzly, host='localhost', port=42108, options=org.forgerock.util.Options@54d901aa)

-------------------------------------------------------------------------------

...(Omitted)...

Caused by: org.forgerock.opendj.ldap.LdapException: Local Error: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
    at org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:188)
    at org.forgerock.opendj.ldap.spi.ResultLdapPromiseImpl.setResultOrError(ResultLdapPromiseImpl.java:142)
    at org.forgerock.opendj.ldap.spi.ResultLdapPromiseImpl.adaptErrorResult(ResultLdapPromiseImpl.java:120)
    at org.forgerock.opendj.grizzly.LDAPClientFilter$ClientResponseHandler.handleExtendedResult0(LDAPClientFilter.java:399)
    at org.forgerock.opendj.grizzly.LDAPClientFilter$ClientResponseHandler.extendedResult(LDAPClientFilter.java:257)
    at org.forgerock.opendj.io.LDAPReader.readExtendedResult(LDAPReader.java:387)
    at org.forgerock.opendj.io.LDAPReader.readProtocolOp(LDAPReader.java:595)
    at org.forgerock.opendj.io.LDAPReader.readMessage(LDAPReader.java:132)
    at org.forgerock.opendj.grizzly.LDAPBaseFilter.handleRead(LDAPBaseFilter.java:82)

...(Omitted)...

Results :

Failed tests: 
org.forgerock.opendj.grizzly.ConnectionFactoryTestCase.testBlockingPromiseNoHandler(org.forgerock.opendj.grizzly.ConnectionFactoryTestCase)
  Run 1: PASS
  Run 2: PASS
  Run 3: PASS
  Run 4: PASS
  Run 5: PASS
  Run 6: ConnectionFactoryTestCase.testBlockingPromiseNoHandler:264 ? Execution org.for...
  Run 7: ConnectionFactoryTestCase.testBlockingPromiseNoHandler:264 ? Execution org.for...
  Run 8: PASS
  Run 9: PASS
  Run 10: PASS
  Run 11: PASS
  Run 12: PASS
  Run 13: PASS
  Run 14: PASS
  Run 15: PASS
  Run 16: PASS
  Run 17: PASS
  Run 18: PASS
  Run 19: PASS
  Run 20: PASS
  Run 21: PASS

...(Omitted)...

Tests run: 974, Failures: 3, Errors: 0, Skipped: 0

[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 7.298 s
[INFO] Finished at: 2020-01-29T08:16:16Z
[INFO] ------------------------------------------------------------------------

tsujiguchitky commented 4 years ago

Workaround

Change the cryptographic policy to LEGACY.

# update-crypto-policies --set LEGACY
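
A diagnostic for the "No appropriate protocol" error reported above, added here as an example; it is not code from this issue or from the OpenDJ SDK. It shows which `SSLContext` protocol names still yield a usable client engine on the current JVM. The class name `TlsProtocolProbe` and the candidate list are assumptions, as is the premise that the system-wide policy reaches the JVM through the `jdk.tls.disabledAlgorithms` security property.

```java
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added diagnostic (hypothetical class, not OpenDJ SDK code): for each SSLContext
// protocol name, report which TLS versions a client engine is left with on this JVM.
public class TlsProtocolProbe {
    // Names passed to SSLContext.getInstance(); "TLS" lets the JVM pick the versions.
    private static final String[] CANDIDATES = {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", "TLS"};

    public static void main(String[] args) {
        // Assumption: the system-wide crypto policy is applied to the JVM via this property.
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
        for (String name : CANDIDATES) {
            System.out.printf("%-8s -> %s%n", name, probe(name));
        }
    }

    // Builds a context for the given name and lists the protocols a client engine may offer.
    static String probe(String name) {
        try {
            SSLContext ctx = SSLContext.getInstance(name);
            ctx.init(null, null, null); // default key and trust managers are enough here
            SSLEngine engine = ctx.createSSLEngine();
            engine.setUseClientMode(true); // select the client-side default protocol list
            String[] enabled = engine.getEnabledProtocols();
            if (enabled.length == 0) {
                // Every version this context offers is disabled by policy, so a
                // handshake would fail with "No appropriate protocol".
                return "nothing enabled (handshake would fail)";
            }
            return "enabled " + Arrays.toString(enabled);
        } catch (Exception e) {
            // For example, a protocol name this JVM does not know at all.
            return "unavailable: " + e;
        }
    }
}
```

On Java 11 the file can be run directly with `java TlsProtocolProbe.java`; comparing the output under different crypto policies shows whether a context pinned to one protocol name is what leaves the client with nothing to offer.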