-
Bug
-
Resolution: Fixed
-
P3
-
openjdk8u272, 13.0.2
-
- 8bpr-critical-approved
- TLS-1.3
- additional-information-not-received
- azul-interest
- dcsaw
- jdk11u-fix-request
- jdk11u-fix-yes
- jdk13u-fix-request
- jdk13u-fix-yes
- jdk15u-fix-request
- jdk15u-fix-yes
- jdk16u-fix-SQE-ok
- jdk16u-fix-request
- jdk16u-fix-yes
- jdk8u-fix-request
- jdk8u-fix-yes
- noreg-hard
- reproducer-hard
- webbug
-
b22
-
x86
-
linux
-
Not verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8268408 | 16u-cpu | Alexey Bakhtin | P3 | Resolved | Fixed | master |
JDK-8268028 | 16.0.2 | Alexey Bakhtin | P3 | Resolved | Fixed | b07 |
JDK-8266908 | 15.0.4 | Alexey Bakhtin | P3 | Resolved | Fixed | b02 |
JDK-8266956 | 13.0.8 | Alexey Bakhtin | P3 | Resolved | Fixed | b02 |
JDK-8276104 | 11.0.15-oracle | Prasadarao Koppula | P3 | Resolved | Fixed | b01 |
JDK-8267913 | 11.0.12 | Alexey Bakhtin | P3 | Resolved | Fixed | b05 |
JDK-8269876 | openjdk8u312 | Alexey Bakhtin | P3 | Resolved | Fixed | b01 |
JDK-8276161 | 8u331 | Prasadarao Koppula | P3 | Resolved | Fixed | b01 |
JDK-8279113 | 8u321 | Prasadarao Koppula | P3 | Resolved | Fixed | b31 |
JDK-8278314 | 8u311 | Prasadarao Koppula | P3 | Closed | Fixed | b34 |
Ubuntu 18.04, Tomcat 9.0.30
A DESCRIPTION OF THE PROBLEM :
Running a Tomcat server with TLSv1.2 and TLSv1.3 only enabled I see the following stack traces in the logs:
Jan 30, 2020 8:47:54 PM org.apache.tomcat.util.net.NioEndpoint$SocketProcessor doRun
SEVERE: Error running socket processor
java.lang.NullPointerException
at java.base/sun.security.ssl.HKDF.extract(HKDF.java:93)
at java.base/sun.security.ssl.HKDF.extract(HKDF.java:119)
at java.base/sun.security.ssl.ServerHello.setUpPskKD(ServerHello.java:1203)
at java.base/sun.security.ssl.ServerHello$T13ServerHelloProducer.produce(ServerHello.java:559)
at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1252)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1188)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:851)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:812)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1247)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:691)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1192)
at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:443)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:507)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1575)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:830)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
According to Tomcat developers (https://bz.apache.org/bugzilla/show_bug.cgi?id=64105) this is related to TLSv1.3 clients. I'm not sure which client triggers it, at the moment I don't have a way to reliably trigger this bug.
FREQUENCY : occasionally
WORKAROUND:
Disable TLSv1.3 and running with TLSv1.2 only. Or use OpenSSL for the encryption.
- backported by
-
JDK-8266908 NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
- Resolved
-
JDK-8266956 NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
- Resolved
-
JDK-8267913 NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
- Resolved
-
JDK-8268028 NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
- Resolved
-
JDK-8268408 NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
- Resolved
-
JDK-8269876 NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
- Resolved
-
JDK-8276104 NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
- Resolved
-
JDK-8276161 NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
- Resolved
-
JDK-8279113 NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
- Resolved
-
JDK-8278314 NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
- Closed
- links to
-
Commit openjdk/jdk13u-dev/235c8ba2
-
Commit openjdk/jdk15u-dev/2486d30b
-
Commit openjdk/jdk16u/3ceb080a
-
Commit openjdk/jdk/1603ca23
-
Review openjdk/jdk13u-dev/204
-
Review openjdk/jdk15u-dev/48
-
Review openjdk/jdk16u/124
-
Review openjdk/jdk/3664