Page MenuHomePhabricator
Create Task
Maniphest T281345

Tomcat/CAS fails to start with OpenJDK 11.0.11
Closed, ResolvedPublic
Actions

Description

Tomcat fails to start with 11.0.11 (and a downgrade to11.0.9 fixes it), there are various SSL errors apparenty all related to "Cannot decode named group: x25519"

It seems support this it was in fact backported to 11.0.11: https://bugs.openjdk.java.net/browse/JDK-8171279

Details

SubjectRepoBranchLines +/-
Update java.security file for 11.0.11operations/puppetproduction+373 -212
Manage different templates per Java release branchoperations/puppetproduction+4 -2
Customize query in gerrit

Event Timeline

MoritzMuehlenhoff created this task.Apr 28 2021, 10:19 AM
MoritzMuehlenhoff triaged this task as Medium priority.May 5 2021, 8:37 AM
MoritzMuehlenhoff added a comment.May 10 2021, 10:43 AM

I couldn't pin-point a single change responsible for it, but essentially we need to upgrade the java.security file to the new version from 11.0.11. I'll run some tests whether it works fine if the updated java.security file is used with the not-yet-updated JRE. Also it looks like we'll need separate templates for Java 8 and 11.

gerritbot added a comment.May 10 2021, 11:53 AM

Change 688246 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Manage different templates per Java release branch

https://gerrit.wikimedia.org/r/688246

gerritbot added a project: Patch-For-Review.May 10 2021, 11:53 AM
gerritbot added a comment.May 10 2021, 1:44 PM

Change 688246 merged by Muehlenhoff:

[operations/puppet@production] Manage different templates per Java release branch

https://gerrit.wikimedia.org/r/688246

Maintenance_bot removed a project: Patch-For-Review.May 10 2021, 2:10 PM
gerritbot added a comment.May 10 2021, 2:30 PM

Change 688327 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Update java.security file for 11.0.11

https://gerrit.wikimedia.org/r/688327

gerritbot added a project: Patch-For-Review.May 10 2021, 2:30 PM
gerritbot added a comment.May 11 2021, 12:30 PM

Change 688327 merged by Muehlenhoff:

[operations/puppet@production] Update java.security file for 11.0.11

https://gerrit.wikimedia.org/r/688327

Maintenance_bot removed a project: Patch-For-Review.May 11 2021, 1:10 PM
Stashbot added a comment.May 18 2021, 10:53 AM

Mentioned in SAL (#wikimedia-operations) [2021-05-18T10:53:21Z] <moritzm> upgrade idp-test to OpenJDK 11.0.11 T281345

MoritzMuehlenhoff closed this task as Resolved.May 18 2021, 1:26 PM
MoritzMuehlenhoff claimed this task.

This is resolved (and OpenJDK updated to 11.0.11)

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL