[JAVA-2740] Work around JDK bug that can cause SCRAM-SHA-1 authentication to intermittently fail Created: 22/Jan/18 Updated: 28/Oct/23 Resolved: 22/Jan/18 |
|
| Status: | Closed |
| Project: | Java Driver |
| Component/s: | Authentication |
| Affects Version/s: | None |
| Fix Version/s: | 3.6.2 |
| Type: | Improvement | Priority: | Minor - P4 |
| Reporter: | Jeffrey Yemin | Assignee: | Jeffrey Yemin |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Case: | (copied to CRM) | ||||
| Description |
|
A JVM bug, originally reported in https://stackoverflow.com/questions/46971788/java-cipher-pbe-thread-safety-issue, can cause SCRAM-SHA-1 authentication to intermittently fail. Synchronizing access to the java.security.Key instance used in com.mongodb.connection.ScramSha1Authenticator.ScramSha1SaslClient#hi has been demonstrated to be an effective workaround to the bug, as suggested in JDK-8055183 JDK bug links: |
| Comments |
| Comment by Githook User [ 22/Jan/18 ] |
|
Author: {'name': 'Jeff Yemin', 'email': 'jeff.yemin@10gen.com', 'username': 'jyemin'}Message: See https://bugs.openjdk.java.net/browse/JDK-8191177 for the bug report and https://bugs.openjdk.java.net/browse/JDK-8055183 for the suggested workaround |
| Comment by Githook User [ 22/Jan/18 ] |
|
Author: {'name': 'Jeff Yemin', 'email': 'jeff.yemin@10gen.com', 'username': 'jyemin'}Message: See https://bugs.openjdk.java.net/browse/JDK-8191177 for the bug report and https://bugs.openjdk.java.net/browse/JDK-8055183 for the suggested workaround |