openjdk team mailing list archive
-
openjdk team
-
Mailing list archive
-
Message #07976
[Bug 989236] Re: severe openjdk-6-jre ssl negotiation incompatibility (fixed upstream long ago...)
** Changed in: openjdk-6 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in Ubuntu.
https://bugs.launchpad.net/bugs/989236
Title:
severe openjdk-6-jre ssl negotiation incompatibility (fixed upstream
long ago...)
Status in “openjdk-6” package in Ubuntu:
Confirmed
Bug description:
See also:
https://bugster.forgerock.org/jira/browse/OPENDJ-461
How to reproduce:
Install (for example) Hudson CI 2.2.0 and activate the SSL port. Here
is the config:
NAME=hudson
JAVA=/usr/lib/jvm/java-1.6.0-openjdk/bin/java
JAVA_ARGS="-Xmx512M -XX:+UseG1GC -Dcom.sun.management.jmxremote.port=18189 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Djavax.net.debug=ssl,handshake"
PIDFILE=/var/run/hudson/hudson.pid
HUDSON_USER=hudson
HUDSON_WAR=/usr/share/hudson/hudson.war
HUDSON_HOME=/var/lib/hudson
RUN_STANDALONE=true
HUDSON_LOG=/var/log/hudson/$NAME.log
MAXOPENFILES=8192
HTTP_PORT=9087
AJP_PORT=-1
HUDSON_ARGS="--webroot=/var/run/hudson/war --httpsPort=$((HTTP_PORT+1)) --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT "
Then try to connect using wget, curl or apache reverse proxy and you'll get in hudson.log:
RequestHandlerThread[#5], handling exception: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
RequestHandlerThread[#5], IOException in getSession(): javax.net.ssl.SSLException: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
Curl outputs:
curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1
alert internal error
Current openjdk-7-jre is also affected.
Using my own java 7 build (built against Ubuntu 11.10) works flawlessly on 12.04 (NOT icedtea based, just built using java 7 sources and using java 6 binaries). It is available at https://build.opensuse.org/package/show?package=optjdk7&project=home%3Akalium%3Atest .
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: openjdk-6-jre 6b24-1.11.1-4ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
Uname: Linux 3.2.0-23-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu5
Architecture: amd64
Date: Thu Apr 26 22:46:39 2012
EcryptfsInUse: Yes
ProcEnviron:
TERM=xterm
SHELL=/bin/bash
PATH=(custom, user)
LANG=de_DE.UTF-8
LANGUAGE=de:en
SourcePackage: openjdk-6
UpgradeStatus: Upgraded to precise on 2012-02-12 (74 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/989236/+subscriptions
References