← Back to team overview

openjdk team mailing list archive

[Bug 1691126] Re: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves

 

Hi, sorry for the problem people are experiencing. Tiago has prepared
packages which are undergoing review and testing. I have made these
package available in the ubuntu-security-proposed ppa (except for on the
armhf architecture) at https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/ .

It would be greatly appreciated if people could test these packages to
verify that the address the regression you're seeing. That said, it's
important to understand that these still need to be tested, and should
not be used in production.

Thanks, and again, my apologies.

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-7 in Ubuntu.
https://bugs.launchpad.net/bugs/1691126

Title:
  java.lang.IllegalArgumentException: System property
  jdk.tls.namedGroups(null) contains no supported elliptic curves

Status in openjdk-7 package in Ubuntu:
  Invalid
Status in openjdk-7 source package in Trusty:
  In Progress

Bug description:
  Tested with the puppetserver package (version 2.2.0-1puppetlabs1).

  When running:

  $ openssl s_client -showcerts -connect "$(hostname -f):8140"

  The following java exception is thrown in the puppetserver:

  2017-05-16 14:20:42,835 WARN  [qtp1887840931-59] [o.e.j.u.t.QueuedThreadPool]
  java.lang.ExceptionInInitializerError: null
          at sun.security.ssl.HelloExtensions.<init>(HelloExtensions.java:85) ~[na:1.7.0_131]
          at sun.security.ssl.HandshakeMessage$ClientHello.<init>(HandshakeMessage.java:240) ~[na:1.7.0_131]
          at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:219) ~[na:1.7.0_131]
          at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961) ~[na:1.7.0_131]
          at sun.security.ssl.Handshaker$1.run(Handshaker.java:901) ~[na:1.7.0_131]
          at sun.security.ssl.Handshaker$1.run(Handshaker.java:899) ~[na:1.7.0_131]
          at java.security.AccessController.doPrivileged(Native Method) ~[na:1.7.0_131]
          at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1333) ~[na:1.7.0_131]
          at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:612) ~[puppet-server-release.jar:na]
          at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:239) ~[puppet-server-release.jar:na]
          at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540) ~[puppet-server-release.jar:na]
          at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) ~[puppet-server-release.jar:na]
          at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) ~[puppet-server-release.jar:na]
          at java.lang.Thread.run(Thread.java:745) [na:1.7.0_131]
  Caused by: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves
          at sun.security.ssl.SupportedEllipticCurvesExtension.<clinit>(SupportedEllipticCurvesExtension.java:154) ~[na:1.7.0_131]
          ... 14 common frames omitted

  This bug seems to be the same as the one described in:
  - https://bugzilla.redhat.com/show_bug.cgi?id=1422738
  - https://bugs.openjdk.java.net/browse/JDK-8173783
  - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3329

  It looks like this was introduced by adding open-jdk 7u131-2.6.9-0 to
  http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/pool/main/o/openjdk-7/


  EDIT: WORKAROUND

  The original workaround steps no longer work because the required
  package has been removed from http://eu-
  west-1.ec2.archive.ubuntu.com/ubuntu/pool/main/o/openjdk-7.

  The new steps make you use the repository at
  https://launchpad.net/~openjdk-r/+archive/ubuntu/ppa.

  $ gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/
  apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv DA1A4A13543B466853BAF164EB9B1D8886F44E2A

  $ echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu trusty main 
  deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu trusty main" > /etc/apt/sources.list.d/openjdk-r-ppa.list

  $ apt-get update

  $ apt-get install openjdk-7-jre-headless=7u121-2.6.8-1~14.04

  $ service puppetserver restart


  ----

  > We also need:
  > 1) The release of Ubuntu you are using, via 'lsb_release -rd' or System -> About Ubuntu

  $ lsb_release -rd
  Description:    Ubuntu 14.04.5 LTS
  Release:        14.04

  > 2) The version of the package you are using, via 'apt-cache policy
  pkgname' or by checking in Software Center

  $ apt-cache policy openjdk-7-jre-headless
  openjdk-7-jre-headless:
    Installed: 7u131-2.6.9-0ubuntu0.14.04.1
    Candidate: 7u131-2.6.9-0ubuntu0.14.04.1
    Version table:
   *** 7u131-2.6.9-0ubuntu0.14.04.1 0
          500 http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
          100 /var/lib/dpkg/status
       7u51-2.4.6-1ubuntu4 0
          500 http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

  > 3) What you expected to happen

  We expected this command to return certificate information for a web
  server:

  $ openssl s_client -showcerts -connect "$(hostname -f):8140"

  > 4) What happened instead

  The command failed and the webserver had a Java stack trace (see
  above).

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: openjdk-7-jre-headless 7u131-2.6.9-0ubuntu0.14.04.1
  ProcVersionSignature: Ubuntu 3.19.0-58.64~14.04.1-generic 3.19.8-ckt16
  Uname: Linux 3.19.0-58-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.23
  Architecture: amd64
  Date: Tue May 16 14:21:01 2017
  Ec2AMI: ami-30b59b43
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: eu-west-1a
  Ec2InstanceType: t2.small
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  ProcEnviron:
   TERM=screen-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openjdk-7
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1691126/+subscriptions


References