-
Bug
-
Resolution: Fixed
-
P3
-
7u3
-
b40
-
generic
-
generic
-
Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-2225006 | 7u6 | Xuelei Fan | P3 | Closed | Fixed | b12 |
When we run performance tests of Weblogic running on Hotspot 7 and attempt to open multiple SSL clients to the server at the same time, the server generates this exception:
<Mar 12, 2012 1:58:13 PM PDT> <Error> <HTTP> <BEA-101083> <Connection failure.
java.lang.NullPointerException
at sun.security.ssl.SSLEngineImpl.getSupportedCipherSuites(SSLEngineImpl.java:1992)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.getSupportedCipherSuites(JaSSLEngine.java:220)
at weblogic.socket.JSSESocket.getSupportedCipherSuites(JSSESocket.java:115)
at weblogic.servlet.provider.WlsSecurityProvider.getSSLAttributes(WlsSecurityProvider.java:198)
at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:163)
The problem is that all SSL engine objects are constructed with the same, default SSL context (from SSLContext.getDefaultInstance()). So we have multiple engines (in multiple threads) executing this code:
return sslContext.getSuportedCipherSuiteList().toStringArray();
With the default sslcontext, that code is not threadsafe:
clearAvailableCache(); // sets supportedCipherSuiteList to null
if (supportedCipherSuiteList == null) {
supportedCipherSuiteList =
getApplicableCipherSuiteList(getSuportedProtocolList(), false);
}
return supportedCipherSuiteList;
So Thread A comes in, tests if the suite list is null; it is not so thread A continues. Now Thread B calls clearAvailableCache() and sets supportedCipherSuiteList to null. Thread A then returns the null variable.
<Mar 12, 2012 1:58:13 PM PDT> <Error> <HTTP> <BEA-101083> <Connection failure.
java.lang.NullPointerException
at sun.security.ssl.SSLEngineImpl.getSupportedCipherSuites(SSLEngineImpl.java:1992)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.getSupportedCipherSuites(JaSSLEngine.java:220)
at weblogic.socket.JSSESocket.getSupportedCipherSuites(JSSESocket.java:115)
at weblogic.servlet.provider.WlsSecurityProvider.getSSLAttributes(WlsSecurityProvider.java:198)
at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:163)
The problem is that all SSL engine objects are constructed with the same, default SSL context (from SSLContext.getDefaultInstance()). So we have multiple engines (in multiple threads) executing this code:
return sslContext.getSuportedCipherSuiteList().toStringArray();
With the default sslcontext, that code is not threadsafe:
clearAvailableCache(); // sets supportedCipherSuiteList to null
if (supportedCipherSuiteList == null) {
supportedCipherSuiteList =
getApplicableCipherSuiteList(getSuportedProtocolList(), false);
}
return supportedCipherSuiteList;
So Thread A comes in, tests if the suite list is null; it is not so thread A continues. Now Thread B calls clearAvailableCache() and sets supportedCipherSuiteList to null. Thread A then returns the null variable.
- backported by
-
JDK-2225006 NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites
-
- Closed
-
- relates to
-
JDK-7167092 Need to put the return clause in the synchronized block
-
- Closed
-