-
Bug
-
Resolution: Fixed
-
P4
-
8, 11, 17, 21, 22
-
b18
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8355099 | 21.0.8 | Goetz Lindenmaier | P4 | Resolved | Fixed | master |
Many HTTPClient tests are occasionally failing with the following stack trace:
javax.net.ssl.SSLHandshakeException: No available authentication scheme
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:967)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:956)
at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:437)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1245)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1181)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:839)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:800)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at jdk.httpclient.test.lib.http2.Http2TestServerConnection.handshake(Http2TestServerConnection.java:317)
at jdk.httpclient.test.lib.http2.Http2TestServerConnection.<init>(Http2TestServerConnection.java:165)
at jdk.httpclient.test.lib.http2.Http2TestServer.createConnection(Http2TestServer.java:389)
at jdk.httpclient.test.lib.http2.Http2TestServer$AcceptedConnection.startConnection(Http2TestServer.java:306)
The failing tests include:
java/net/httpclient/ManyRequests.java
java/net/httpclient/ManyRequests2.java
java/net/httpclient/LargeResponseTest.java
Additional logging revealed that the handshake failures were caused by this exception:
java.util.ConcurrentModificationException
at java.base/java.util.HashMap$HashIterator.nextNode(HashMap.java:1605)
at java.base/java.util.HashMap$KeyIterator.next(HashMap.java:1628)
at java.base/java.util.AbstractCollection.addAll(AbstractCollection.java:337)
at java.base/java.util.HashSet.<init>(HashSet.java:121)
at java.base/java.security.KeyStore$PrivateKeyEntry.<init>(KeyStore.java:569)
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetEntry(PKCS12KeyStore.java:1338)
at java.base/sun.security.util.KeyStoreDelegator.engineGetEntry(KeyStoreDelegator.java:174)
at java.base/java.security.KeyStore.getEntry(KeyStore.java:1576)
at java.base/sun.security.ssl.X509KeyManagerImpl.getEntry(X509KeyManagerImpl.java:271)
at java.base/sun.security.ssl.X509KeyManagerImpl.getPrivateKey(X509KeyManagerImpl.java:117)
at java.base/sun.security.ssl.X509Authentication.createServerPossession(X509Authentication.java:300)
at java.base/sun.security.ssl.X509Authentication.createPossession(X509Authentication.java:195)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.choosePossession(CertificateMessage.java:1056)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:965)
which in turn is caused by PKCS12KeyStore.getAttributes updating the same HashSet over and over again in multiple threads.
javax.net.ssl.SSLHandshakeException: No available authentication scheme
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:967)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:956)
at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:437)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1245)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1181)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:839)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:800)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at jdk.httpclient.test.lib.http2.Http2TestServerConnection.handshake(Http2TestServerConnection.java:317)
at jdk.httpclient.test.lib.http2.Http2TestServerConnection.<init>(Http2TestServerConnection.java:165)
at jdk.httpclient.test.lib.http2.Http2TestServer.createConnection(Http2TestServer.java:389)
at jdk.httpclient.test.lib.http2.Http2TestServer$AcceptedConnection.startConnection(Http2TestServer.java:306)
The failing tests include:
java/net/httpclient/ManyRequests.java
java/net/httpclient/ManyRequests2.java
java/net/httpclient/LargeResponseTest.java
Additional logging revealed that the handshake failures were caused by this exception:
java.util.ConcurrentModificationException
at java.base/java.util.HashMap$HashIterator.nextNode(HashMap.java:1605)
at java.base/java.util.HashMap$KeyIterator.next(HashMap.java:1628)
at java.base/java.util.AbstractCollection.addAll(AbstractCollection.java:337)
at java.base/java.util.HashSet.<init>(HashSet.java:121)
at java.base/java.security.KeyStore$PrivateKeyEntry.<init>(KeyStore.java:569)
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetEntry(PKCS12KeyStore.java:1338)
at java.base/sun.security.util.KeyStoreDelegator.engineGetEntry(KeyStoreDelegator.java:174)
at java.base/java.security.KeyStore.getEntry(KeyStore.java:1576)
at java.base/sun.security.ssl.X509KeyManagerImpl.getEntry(X509KeyManagerImpl.java:271)
at java.base/sun.security.ssl.X509KeyManagerImpl.getPrivateKey(X509KeyManagerImpl.java:117)
at java.base/sun.security.ssl.X509Authentication.createServerPossession(X509Authentication.java:300)
at java.base/sun.security.ssl.X509Authentication.createPossession(X509Authentication.java:195)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.choosePossession(CertificateMessage.java:1056)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:965)
which in turn is caused by PKCS12KeyStore.getAttributes updating the same HashSet over and over again in multiple threads.
- backported by
-
JDK-8355099 TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore.engineGetEntry
-
- Resolved
-
- blocks
-
-
- Closed
-
- relates to
-
-
- Closed
-
- links to
-
Commit
openjdk/jdk/d2e2c4ce
-
Commit(master)
openjdk/jdk21u-dev/091c5698
-
Review
openjdk/jdk/14506
-
Review
openjdk/jdk/15909
-
Review(master)
openjdk/jdk21u-dev/1674
(3 links to)