Details
-
Bug
-
Resolution: Fixed
-
P2
-
8u261, 11.0.8-oracle
-
b01
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8253887 | 11.0.10 | David Alvarez | P2 | Resolved | Fixed | b01 |
| JDK-8251436 | 11.0.9-oracle | Sean Coffey | P2 | Closed | Fixed | b05 |
| JDK-8253613 | 11.0.9 | David Alvarez | P2 | Resolved | Fixed | b10 |
| JDK-8251393 | 8u281 | Sean Coffey | P2 | Resolved | Fixed | b01 |
| JDK-8251408 | 8u271 | Sean Coffey | P2 | Closed | Fixed | b05 |
| JDK-8257321 | emb-8u281 | Sean Coffey | P2 | Resolved | Fixed | team |
| JDK-8252277 | emb-8u271 | Sean Coffey | P2 | Resolved | Fixed | team |
Description
When they enable FIPS, their code uses the JDK Security provider name Alias
feature to workaround the JDBC driver's SSL Context loading problem (i.e., in
CustomSSLSocketFactory.createSSLContext(), line 337
/* 337 */ SSLContext arg2 = SSLContext.getInstance("SSL");
The workaround is provided by OCI code JCEProviders.load(), with following
use of alias "TLS" for "SSL"
// Remove default jsse provider, and add a BC FIPS compatible one
com.sun.net.ssl.internal.ssl.Provider jsseProvider =
new com.sun.net.ssl.internal.ssl.Provider(BouncyCastleFipsProvider.PROVIDER_NAME);
jsseProvider.put("Alg.Alias.SSLContext.SSL", "TLS"); // Map SSL -> TLS for SSLContext
Security.removeProvider(jsseProvider.getName());
Security.insertProviderAt(jsseProvider, 2);
log.info("Initialized JSSE provider with BouncyCastle-FIPS in position 2");
Now with latest JDK8 261 B33, this workaround no longer works, and saw
following exception when connecting to ATP Database by using JDBC8 driver
Exception in thread "main" java.sql.SQLRecoverableException: IO Error: The
Network Adapter could not establish the connection
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:801)
at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:782)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:39)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:704)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:208)
at com.oracle.oci.cnrc.jdbc.Main.getConnection(Main.java:86)
at com.oracle.oci.cnrc.jdbc.Main.main(Main.java:42)
Caused by: oracle.net.ns.NetException: The Network Adapter could not establish the connection
at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:569)
at oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:521)
at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:660)
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:287)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1481)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:540)
... 7 more
Caused by: oracle.net.ns.NetException: Unable to initialize ssl context.
atoracle.net.nt.CustomSSLSocketFactory.createSSLContext(CustomSSLSocketFactory.java:344)
at oracle.net.nt.CustomSSLSocketFactory.getSSLContext(CustomSSLSocketFactory.java:305)
at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketEngine(CustomSSLSocketFactory.java:271)
at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:170)
at oracle.net.nt.ConnOption.connect(ConnOption.java:172)
at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:508)
... 12 more
Caused by: java.security.NoSuchAlgorithmException: SSL SSLContext not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
at oracle.net.nt.CustomSSLSocketFactory.createSSLContext(CustomSSLSocketFactory.java:337)
... 17 more
Attachments
Issue Links
- backported by
-
JDK-8251393 Provider.put no longer registering aliases in FIPS env
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Closed
-
-
-
- Closed
-
- relates to
-
JDK-7092821 java.security.Provider.getService() is synchronized and became scalability bottleneck
-
- Resolved
-
-
-
- Resolved
-
-
-
- Closed
-