|
Re: Failing to upload repo to github using eclipse 201912 -SSL protocol_version [message #1818890 is a reply to message #1818859] |
Tue, 31 December 2019 19:43 |
Thomas Wolf Messages: 576 Registered: August 2016 |
Senior Member |
|
|
If you look in the EGit New & Noteworthy it says that EGit now uses Apache HTTP by default. If that doesn't work with whatever Java you're using (com.ibm.jsse2 is definitely not OpenJDK), you could switch back to the Java built-in client.
With OpenJDK using SSLContext.getInstance("TLS") creates sockets supporting TLSv1, TLSv1.1, and TLSv1.2 by default. What does the following code print on IBM JDK?
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, null, null);
SSLSocketFactory factory = context.getSocketFactory();
SSLSocket socket = (SSLSocket) factory.createSocket();
String[] protocols = socket.getSupportedProtocols();
System.out.println("Supported Protocols: " + protocols.length);
for (String p : protocols) {
System.out.println(" " + p);
}
protocols = socket.getEnabledProtocols();
System.out.println("Enabled Protocols: " + protocols.length);
for (String p : protocols) {
System.out.println(" " + p);
}
What does this print if one uses "TLSv1.2" or "TLSv1.3" instead of "TLS"?
[Updated on: Tue, 31 December 2019 22:10] Report message to a moderator
|
|
|
|
|
|
Re: Failing to upload repo to github using eclipse 201912 -SSL protocol_version [message #1818921 is a reply to message #1818918] |
Thu, 02 January 2020 15:11 |
Thomas Wolf Messages: 576 Registered: August 2016 |
Senior Member |
|
|
Re: Vogons
Yeah, that a new release of some software might have some release notes is really a surprise, isn't it. ;-)
It isn't really hidden. Every release of Eclipse comes with a "New & Noteworthy" page, the one for 2019-12 is linked there and is at https://www.eclipse.org/eclipseide/2019-12/noteworthy/ . The EGit New & Noteworthy in turn is linked there. Reading the release notes (i.e., New & Noteworthy pages) when upgrading is a good idea. :-) We could probably link to the EGit N&N from more places, though.
Re: Default setting:
No, we chose the new Apache HTTP as default setting on purpose to shake out bugs. The Apache HTTP client is not new code, and it has been well tested, but -- as I see now -- only on OpenJDK. Frankly said, that IBM in their infinite "wisdom" chose to implement this SSLContext.getInstance() differently than OpenJDK is a big surprise. But it's not a show-stopper; there's a work-around by setting that system property or by switching back to Java built-in HTTP, and the next release of EGit will contain code to make this work with Apache HTTP on IBM JDK without having to set that system property.
|
|
|
|
Powered by
FUDForum. Page generated in 0.04317 seconds