openjdk team mailing list archive

Thread
Date

[Bug 989236] Re: severe openjdk-6-jre ssl negotiation incompatibility (fixed upstream long ago...)

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Cinquero <989236@xxxxxxxxxxxxxxxxxx>
Date: Thu, 26 Apr 2012 20:55:24 -0000
Reply-to: Bug 989236 <989236@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: openjdk-6 (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in Ubuntu.
https://bugs.launchpad.net/bugs/989236

Title:
  severe openjdk-6-jre ssl negotiation incompatibility (fixed upstream
  long ago...)

Status in “openjdk-6” package in Ubuntu:
  Confirmed

Bug description:
  See also:

  https://bugster.forgerock.org/jira/browse/OPENDJ-461

  How to reproduce:

  Install (for example) Hudson CI 2.2.0 and activate the SSL port. Here
  is the config:

  NAME=hudson
  JAVA=/usr/lib/jvm/java-1.6.0-openjdk/bin/java
  JAVA_ARGS="-Xmx512M -XX:+UseG1GC -Dcom.sun.management.jmxremote.port=18189 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Djavax.net.debug=ssl,handshake"
  PIDFILE=/var/run/hudson/hudson.pid
  HUDSON_USER=hudson
  HUDSON_WAR=/usr/share/hudson/hudson.war
  HUDSON_HOME=/var/lib/hudson
  RUN_STANDALONE=true
  HUDSON_LOG=/var/log/hudson/$NAME.log
  MAXOPENFILES=8192
  HTTP_PORT=9087
  AJP_PORT=-1
  HUDSON_ARGS="--webroot=/var/run/hudson/war --httpsPort=$((HTTP_PORT+1)) --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT "

  
  Then try to connect using wget, curl or apache reverse proxy and you'll get in hudson.log:

  RequestHandlerThread[#5], handling exception: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
  RequestHandlerThread[#5], IOException in getSession():  javax.net.ssl.SSLException: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID

  Curl outputs:

  curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1
  alert internal error

  
  Current openjdk-7-jre is also affected.

  
  Using my own java 7 build (built against Ubuntu 11.10) works flawlessly on 12.04  (NOT icedtea based, just built using java 7 sources and using java 6 binaries). It is available at https://build.opensuse.org/package/show?package=optjdk7&project=home%3Akalium%3Atest .

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: openjdk-6-jre 6b24-1.11.1-4ubuntu2
  ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
  Uname: Linux 3.2.0-23-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.0.1-0ubuntu5
  Architecture: amd64
  Date: Thu Apr 26 22:46:39 2012
  EcryptfsInUse: Yes
  ProcEnviron:
   TERM=xterm
   SHELL=/bin/bash
   PATH=(custom, user)
   LANG=de_DE.UTF-8
   LANGUAGE=de:en
  SourcePackage: openjdk-6
  UpgradeStatus: Upgraded to precise on 2012-02-12 (74 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/989236/+subscriptions

References

[Bug 989236] [NEW] severe openjdk-6-jre ssl negotiation incompatibility (fixed upstream long ago...)
From: Cinquero, 2012-04-26