openjdk team mailing list archive

Thread
Date

[Bug 989240] Re: severe openjdk-7-jre ssl negotiation incompatibility (fixed upstream long ago...)

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: exactt <989240@xxxxxxxxxxxxxxxxxx>
Date: Wed, 11 Jul 2012 11:49:33 -0000
Reply-to: Bug 989240 <989240@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a duplicate of bug 1006776 ***
    https://bugs.launchpad.net/bugs/1006776

** This bug has been marked a duplicate of bug 1006776
   openjdk-6-jdk ssl negotiation incompatibility

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-7 in Ubuntu.
https://bugs.launchpad.net/bugs/989240

Title:
  severe openjdk-7-jre ssl negotiation incompatibility (fixed upstream
  long ago...)

Status in “openjdk-7” package in Ubuntu:
  Confirmed

Bug description:
  See also:

  https://bugster.forgerock.org/jira/browse/OPENDJ-461

  How to reproduce:

  Install (for example) Hudson CI 2.2.0 and activate the SSL port. Here
  is the config:

  NAME=hudson
  JAVA=/usr/lib/jvm/java-1.7.0-openjdk/bin/java
  JAVA_ARGS="-Xmx512M -XX:+UseG1GC -Dcom.sun.management.jmxremote.port=18189 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Djavax.net.debug=ssl,handshake"
  PIDFILE=/var/run/hudson/hudson.pid
  HUDSON_USER=hudson
  HUDSON_WAR=/usr/share/hudson/hudson.war
  HUDSON_HOME=/var/lib/hudson
  RUN_STANDALONE=true
  HUDSON_LOG=/var/log/hudson/$NAME.log
  MAXOPENFILES=8192
  HTTP_PORT=9087
  AJP_PORT=-1
  HUDSON_ARGS="--webroot=/var/run/hudson/war --httpsPort=$((HTTP_PORT+1)) --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT "

  Then try to connect using wget, curl or apache reverse proxy and
  you'll get in hudson.log:

  RequestHandlerThread[#5], handling exception: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
  RequestHandlerThread[#5], IOException in getSession(): javax.net.ssl.SSLException: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID

  Curl outputs:

  curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1
  alert internal error

  Current openjdk-6-jre is also affected.

  Using my own java 7 build (built against Ubuntu 11.10) works
  flawlessly on 12.04 (NOT icedtea based, just built using java 7
  sources and using java 6 binaries). It is available at
  https://build.opensuse.org/package/show?package=optjdk7&project=home%3Akalium%3Atest
  .

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: openjdk-7-jre 7~u3-2.1.1~pre1-1ubuntu2
  ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
  Uname: Linux 3.2.0-23-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.0.1-0ubuntu5
  Architecture: amd64
  Date: Thu Apr 26 22:55:48 2012
  EcryptfsInUse: Yes
  ProcEnviron:
   TERM=xterm
   SHELL=/bin/bash
   PATH=(custom, user)
   LANG=de_DE.UTF-8
   LANGUAGE=de:en
  SourcePackage: openjdk-7
  UpgradeStatus: Upgraded to precise on 2012-02-12 (74 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/989240/+subscriptions

References

[Bug 989240] [NEW] severe openjdk-7-jre ssl negotiation incompatibility (fixed upstream long ago...)
From: Cinquero, 2012-04-26