Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P2
Fix Version/s: 9
Affects Version/s: 6, 7, 8, 9
Component/s: security-libs
Labels:

Subcomponent:
javax.net.ssl
Introduced In Build:
b01
Introduced In Version:

8u121
Resolved In Build:
b141
Verification:
Verified

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8197286	8u192	Xuelei Fan	P2	Resolved	Fixed	b01
JDK-8195469	8u172	Xuelei Fan	P2	Resolved	Fixed	b03
JDK-8190059	8u162	Xuelei Fan	P2	Resolved	Fixed	b04
JDK-8188542	8u161	Unassigned	P2	Resolved	Fixed	b01
JDK-8172934	8u152	Xuelei Fan	P2	Resolved	Fixed	b01
JDK-8168251	8u151	Xuelei Fan	P2	Resolved	Fixed	b01
JDK-8171747	8u141	Xuelei Fan	P2	Resolved	Fixed	b01
JDK-8171568	8u131	Xuelei Fan	P2	Resolved	Fixed	b01
JDK-8167516	8u121	Sean Coffey	P2	Closed	Fixed	b09
JDK-8192309	emb-8u161	Xuelei Fan	P2	Resolved	Fixed	b01
JDK-8184551	emb-8u151	Unassigned	P2	Resolved	Fixed	b01
JDK-8178614	emb-8u141	Unassigned	P2	Resolved	Fixed	b01
JDK-8173539	emb-8u131	Unassigned	P2	Resolved	Fixed	b01
JDK-8170203	emb-8u121	Xuelei Fan	P2	Resolved	Fixed	b09
JDK-8188495	7u171	Unassigned	P2	Resolved	Fixed	b01
JDK-8168278	7u161	Xuelei Fan	P2	Resolved	Fixed	b01
JDK-8171701	7u151	Xuelei Fan	P2	Resolved	Fixed	b01
JDK-8171615	7u141	Xuelei Fan	P2	Resolved	Fixed	b01
JDK-8167517	7u131	Sean Coffey	P2	Closed	Fixed	b06
JDK-8175485	openjdk7u	Xuelei Fan	P2	Resolved	Fixed	master
JDK-8188413	6u181	Unassigned	P2	Resolved	Fixed	b01
JDK-8168287	6u171	Xuelei Fan	P2	Resolved	Fixed	b01
JDK-8171778	6u161	Xuelei Fan	P2	Resolved	Fixed	b01
JDK-8171645	6u151	Xuelei Fan	P2	Resolved	Fixed	b01
JDK-8167518	6u141	Sean Coffey	P2	Closed	Fixed	b06

Bug report:
=========
There are issues with Chrome browser and Java9 ea+138 SSL. While I have investigated what could cause the issue I found following. When I disable following ciphers
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
then Chrome begins to work as expected.

Under other browsers like FireFox or Internet Explorer everything is fine.

One thing to mention, Java9 ea+121 worked fine even with Chrome, so I assume there was regression in one of following versions, but unsure in which one exactly.

In fact all Java SSL based servers are affected, Chrome refuses to run. I get something like that
Caused by: java.lang.NullPointerException
    at sun.security.ssl.EllipticCurvesExtension.getECGenParamSpec(java.base@9-ea/EllipticCurvesExtension.java:374)
    at sun.security.ssl.ECDHCrypt.<init>(java.base@9-ea/ECDHCrypt.java:63)
    at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(java.base@9-ea/ServerHandshaker.java:1584)
    at sun.security.ssl.ServerHandshaker.trySetCipherSuite(java.base@9-ea/ServerHandshaker.java:1368)
    at sun.security.ssl.ServerHandshaker.chooseCipherSuite(java.base@9-ea/ServerHandshaker.java:1172)
    at sun.security.ssl.ServerHandshaker.clientHello(java.base@9-ea/ServerHandshaker.java:800)
    at sun.security.ssl.ServerHandshaker.processMessage(java.base@9-ea/ServerHandshaker.java:237)
    at sun.security.ssl.Handshaker.processLoop(java.base@9-ea/Handshaker.java:1061)
    at sun.security.ssl.Handshaker$1.run(java.base@9-ea/Handshaker.java:1000)
    at sun.security.ssl.Handshaker$1.run(java.base@9-ea/Handshaker.java:997)
    at java.security.AccessController.doPrivileged(java.base@9-ea/Native Method)
    at sun.security.ssl.Handshaker$DelegatedTask.run(java.base@9-ea/Handshaker.java:1476)
    at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1189)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1041)
    ... 26 more

backported by

JDK-8168251 Chrome interop regression with JDK-8148516

Resolved

JDK-8168278 Chrome interop regression with JDK-8148516

Resolved

JDK-8168287 Chrome interop regression with JDK-8148516

Resolved

JDK-8170203 Chrome interop regression with JDK-8148516

Resolved

JDK-8171568 Chrome interop regression with JDK-8148516

Resolved

JDK-8171615 Chrome interop regression with JDK-8148516

Resolved

JDK-8171645 Chrome interop regression with JDK-8148516

Resolved

JDK-8171701 Chrome interop regression with JDK-8148516

Resolved

JDK-8171747 Chrome interop regression with JDK-8148516

Resolved

JDK-8171778 Chrome interop regression with JDK-8148516

Resolved

JDK-8172934 Chrome interop regression with JDK-8148516

Resolved

JDK-8173539 Chrome interop regression with JDK-8148516

Resolved

JDK-8175485 Chrome interop regression with JDK-8148516

Resolved

JDK-8178614 Chrome interop regression with JDK-8148516

Resolved

JDK-8184551 Chrome interop regression with JDK-8148516

Resolved

JDK-8188413 Chrome interop regression with JDK-8148516

Resolved

JDK-8188495 Chrome interop regression with JDK-8148516

Resolved

JDK-8188542 Chrome interop regression with JDK-8148516

Resolved

JDK-8190059 Chrome interop regression with JDK-8148516

Resolved

JDK-8192309 Chrome interop regression with JDK-8148516

Resolved

JDK-8195469 Chrome interop regression with JDK-8148516

Resolved

JDK-8197286 Chrome interop regression with JDK-8148516

Resolved

JDK-8167516 Chrome interop regression with JDK-8148516

Closed

JDK-8167517 Chrome interop regression with JDK-8148516

Closed

JDK-8167518 Chrome interop regression with JDK-8148516

Closed

relates to

JDK-8148516 Increase the minimum strength of EC keys

Closed

JDK-8167547 Test that unsupported EC curves should not be selected during TLS handshaking

Closed

(20 backported by, 2 relates to)

Assignee:: Xuelei Fan

Reporter:: Xuelei Fan

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Due:: 2016-07-30

Created:: 2016-10-10 19:27

Updated:: 2018-02-07 17:07

Resolved:: 2016-10-11 02:12

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates