-
Bug
-
Resolution: Not an Issue
-
P3
-
None
-
8u121
-
generic
-
generic
FULL PRODUCT VERSION :
/opt/jdk1.8.0_121/bin/java -version
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
uname -a
SunOS usqwrts001 5.10 Generic_147440-19 sun4v sparc SUNW,T5240
A DESCRIPTION OF THE PROBLEM :
We are facing real problem with new release of java jdk1.8.0.121 with ssl connection to our LDAP. Our connection in this release of JDK is finishing with below error which can be seen inside weblogic.log:
####<23.02.2017 13:06:40.607 MET> <Debug> <SecuritySSL> <usqwrts001> <server00> <ConnSetupMgr> <<WLS Kernel>> <> <> <1487851600607> <BEA-000000> <[Thread[ConnSetupMgr,5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
at weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:734)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:603)
at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:507)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:96)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:75)
at weblogic.socket.JSSESocket.startHandshake(JSSESocket.java:219)
at weblogic.security.providers.authentication.LDAPAtnDelegate$AtnLDAPSSLSocketFactory.makeSocket(LDAPAtnDelegate.java:4915)
at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.access$000(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr$1.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
Caused By: javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21
at sun.security.ssl.HandshakeMessage$ECDH_ServerKeyExchange.<init>(HandshakeMessage.java:1053)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:284)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)
at weblogic.socket.JSSEFilterImpl.doTasks(JSSEFilterImpl.java:205)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:111)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:75)
at weblogic.socket.JSSESocket.startHandshake(JSSESocket.java:219)
at weblogic.security.providers.authentication.LDAPAtnDelegate$AtnLDAPSSLSocketFactory.makeSocket(LDAPAtnDelegate.java:4915)
at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.access$000(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr$1.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
We traced packages between JVM and LDAP and that communication is ending on client side (JVM) with Internal Error 80.
Communication looks identically like for jdk1.8.0.112 but JVM for this release is able to exchange keys. For jdk1.8.0_121 this is not possible as after server hello for selected Cipher Suite communication is ending with Internal Error
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)
Content Type: Alert (21)
Version: TLS 1.2 (0x0303)
Alert Message
Level: Fatal (2)
Description: Internal Error (80)
Connection process can be described in short way:
1 Client (JVM) is sending Client HELLO with all Cipher Specs
2. Server (LDAP) responding Server HELLO with specified Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
3. Communication is ending with Internal Error
For JDK 1.8.0.112 communication is not ending and Client is able to exchange Keys.
We found that include inside the release jdk1.8.0_121 jsse.jar is differ than in jdk1.8.0_112 and below classes are different:
CipherSuite$BulkCipher
CipherSuite$CipherType
CipherSuite$KeyExchange
CipherSuite$MacAlg
CipherSuite$PRF
CipherSuiteList
CipherSuite
ClientHandshaker
ECDHCrypt
HandshakeMessage$CertificateMsg
HandshakeMessage$CertificateRequest
HandshakeMessage$CertificateVerify$1
HandshakeMessage$CertificateVerify
HandshakeMessage$ClientHello
HandshakeMessage$DH
HandshakeMessage$DistinguishedName
HandshakeMessage$ECDH
HandshakeMessage$Finished
HandshakeMessage$RSA
HandshakeMessage$ServerHelloDone
HandshakeMessage$ServerHello
HandshakeMessage$ServerKeyExchange
Handshaker$1
Handshaker$DelegatedTask
Handshaker
JsseJce$EcAvailability
JsseJce
ServerHandshaker$1
ServerHandshaker$2
ServerHandshaker$3
ServerHandshaker
SupportedEllipticCurvesExtension
When we will use jsse.jar taken from jdk1.8.0.112 and used inside release jdk1.0.121 then communication is in place and JVM is able to establish connection with LDAP using SSL by Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 . So for sure something is different and could be there is kind of bug inside jsse.jar in new release. Please investigate and give us recommended solution.
REGRESSION. Last worked in version 8u112
ADDITIONAL REGRESSION INFORMATION:
/opt/jdk1.8.0_112/bin/java -version
java version "1.8.0_112"
Java(TM) SE Runtime Environment (build 1.8.0_112-b15)
Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Start weblogic (with included external authentication in LDAP by SSL) with jdk 1.8.0.121 Release
2 Try to authenticate user in Weblogic console or application
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
User shoudl be authenticated by LDAP
ACTUAL -
SSL communication is ending on JVM side with Internal Error:
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)
Content Type: Alert (21)
Version: TLS 1.2 (0x0303)
Alert Message
Level: Fatal (2)
Description: Internal Error (80)
Inside Weblogic this is error:
####<23.02.2017 13:06:40.607 MET> <Debug> <SecuritySSL> <usqwrts001> <server00> <ConnSetupMgr> <<WLS Kernel>> <> <> <1487851600607> <BEA-000000> <[Thread[ConnSetupMgr,5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21
ERROR MESSAGES/STACK TRACES THAT OCCUR :
weblogic.log
####<23.02.2017 13:06:40.607 MET> <Debug> <SecuritySSL> <usqwrts001> <server00> <ConnSetupMgr> <<WLS Kernel>> <> <> <1487851600607> <BEA-000000> <[Thread[ConnSetupMgr,5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
at weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:734)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:603)
at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:507)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:96)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:75)
at weblogic.socket.JSSESocket.startHandshake(JSSESocket.java:219)
at weblogic.security.providers.authentication.LDAPAtnDelegate$AtnLDAPSSLSocketFactory.makeSocket(LDAPAtnDelegate.java:4915)
at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.access$000(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr$1.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
Caused By: javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21
at sun.security.ssl.HandshakeMessage$ECDH_ServerKeyExchange.<init>(HandshakeMessage.java:1053)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:284)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)
at weblogic.socket.JSSEFilterImpl.doTasks(JSSEFilterImpl.java:205)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:111)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:75)
at weblogic.socket.JSSESocket.startHandshake(JSSESocket.java:219)
at weblogic.security.providers.authentication.LDAPAtnDelegate$AtnLDAPSSLSocketFactory.makeSocket(LDAPAtnDelegate.java:4915)
at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.access$000(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr$1.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
Output from snoop:
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)
Content Type: Alert (21)
Version: TLS 1.2 (0x0303)
Alert Message
Level: Fatal (2)
Description: Internal Error (80)
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Workaround is to use previous release: jdk1.8.0.112 But until bug will be fixed we cannot use latest release of java jdk1.8.0.121
/opt/jdk1.8.0_121/bin/java -version
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
uname -a
SunOS usqwrts001 5.10 Generic_147440-19 sun4v sparc SUNW,T5240
A DESCRIPTION OF THE PROBLEM :
We are facing real problem with new release of java jdk1.8.0.121 with ssl connection to our LDAP. Our connection in this release of JDK is finishing with below error which can be seen inside weblogic.log:
####<23.02.2017 13:06:40.607 MET> <Debug> <SecuritySSL> <usqwrts001> <server00> <ConnSetupMgr> <<WLS Kernel>> <> <> <1487851600607> <BEA-000000> <[Thread[ConnSetupMgr,5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
at weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:734)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:603)
at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:507)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:96)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:75)
at weblogic.socket.JSSESocket.startHandshake(JSSESocket.java:219)
at weblogic.security.providers.authentication.LDAPAtnDelegate$AtnLDAPSSLSocketFactory.makeSocket(LDAPAtnDelegate.java:4915)
at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.access$000(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr$1.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
Caused By: javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21
at sun.security.ssl.HandshakeMessage$ECDH_ServerKeyExchange.<init>(HandshakeMessage.java:1053)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:284)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)
at weblogic.socket.JSSEFilterImpl.doTasks(JSSEFilterImpl.java:205)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:111)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:75)
at weblogic.socket.JSSESocket.startHandshake(JSSESocket.java:219)
at weblogic.security.providers.authentication.LDAPAtnDelegate$AtnLDAPSSLSocketFactory.makeSocket(LDAPAtnDelegate.java:4915)
at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.access$000(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr$1.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
We traced packages between JVM and LDAP and that communication is ending on client side (JVM) with Internal Error 80.
Communication looks identically like for jdk1.8.0.112 but JVM for this release is able to exchange keys. For jdk1.8.0_121 this is not possible as after server hello for selected Cipher Suite communication is ending with Internal Error
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)
Content Type: Alert (21)
Version: TLS 1.2 (0x0303)
Alert Message
Level: Fatal (2)
Description: Internal Error (80)
Connection process can be described in short way:
1 Client (JVM) is sending Client HELLO with all Cipher Specs
2. Server (LDAP) responding Server HELLO with specified Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
3. Communication is ending with Internal Error
For JDK 1.8.0.112 communication is not ending and Client is able to exchange Keys.
We found that include inside the release jdk1.8.0_121 jsse.jar is differ than in jdk1.8.0_112 and below classes are different:
CipherSuite$BulkCipher
CipherSuite$CipherType
CipherSuite$KeyExchange
CipherSuite$MacAlg
CipherSuite$PRF
CipherSuiteList
CipherSuite
ClientHandshaker
ECDHCrypt
HandshakeMessage$CertificateMsg
HandshakeMessage$CertificateRequest
HandshakeMessage$CertificateVerify$1
HandshakeMessage$CertificateVerify
HandshakeMessage$ClientHello
HandshakeMessage$DH
HandshakeMessage$DistinguishedName
HandshakeMessage$ECDH
HandshakeMessage$Finished
HandshakeMessage$RSA
HandshakeMessage$ServerHelloDone
HandshakeMessage$ServerHello
HandshakeMessage$ServerKeyExchange
Handshaker$1
Handshaker$DelegatedTask
Handshaker
JsseJce$EcAvailability
JsseJce
ServerHandshaker$1
ServerHandshaker$2
ServerHandshaker$3
ServerHandshaker
SupportedEllipticCurvesExtension
When we will use jsse.jar taken from jdk1.8.0.112 and used inside release jdk1.0.121 then communication is in place and JVM is able to establish connection with LDAP using SSL by Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 . So for sure something is different and could be there is kind of bug inside jsse.jar in new release. Please investigate and give us recommended solution.
REGRESSION. Last worked in version 8u112
ADDITIONAL REGRESSION INFORMATION:
/opt/jdk1.8.0_112/bin/java -version
java version "1.8.0_112"
Java(TM) SE Runtime Environment (build 1.8.0_112-b15)
Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Start weblogic (with included external authentication in LDAP by SSL) with jdk 1.8.0.121 Release
2 Try to authenticate user in Weblogic console or application
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
User shoudl be authenticated by LDAP
ACTUAL -
SSL communication is ending on JVM side with Internal Error:
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)
Content Type: Alert (21)
Version: TLS 1.2 (0x0303)
Alert Message
Level: Fatal (2)
Description: Internal Error (80)
Inside Weblogic this is error:
####<23.02.2017 13:06:40.607 MET> <Debug> <SecuritySSL> <usqwrts001> <server00> <ConnSetupMgr> <<WLS Kernel>> <> <> <1487851600607> <BEA-000000> <[Thread[ConnSetupMgr,5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21
ERROR MESSAGES/STACK TRACES THAT OCCUR :
weblogic.log
####<23.02.2017 13:06:40.607 MET> <Debug> <SecuritySSL> <usqwrts001> <server00> <ConnSetupMgr> <<WLS Kernel>> <> <> <1487851600607> <BEA-000000> <[Thread[ConnSetupMgr,5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
at weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:734)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:603)
at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:507)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:96)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:75)
at weblogic.socket.JSSESocket.startHandshake(JSSESocket.java:219)
at weblogic.security.providers.authentication.LDAPAtnDelegate$AtnLDAPSSLSocketFactory.makeSocket(LDAPAtnDelegate.java:4915)
at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.access$000(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr$1.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
Caused By: javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21
at sun.security.ssl.HandshakeMessage$ECDH_ServerKeyExchange.<init>(HandshakeMessage.java:1053)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:284)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)
at weblogic.socket.JSSEFilterImpl.doTasks(JSSEFilterImpl.java:205)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:111)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:75)
at weblogic.socket.JSSESocket.startHandshake(JSSESocket.java:219)
at weblogic.security.providers.authentication.LDAPAtnDelegate$AtnLDAPSSLSocketFactory.makeSocket(LDAPAtnDelegate.java:4915)
at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr.access$000(Unknown Source)
at netscape.ldap.LDAPConnSetupMgr$1.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
Output from snoop:
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)
Content Type: Alert (21)
Version: TLS 1.2 (0x0303)
Alert Message
Level: Fatal (2)
Description: Internal Error (80)
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Workaround is to use previous release: jdk1.8.0.112 But until bug will be fixed we cannot use latest release of java jdk1.8.0.121