Ubuntu
openjdk-6 package

severe openjdk-6-jre ssl negotiation incompatibility (fixed upstream long ago...)

Bug #989236 reported by Cinquero on 2012-04-26

This bug affects 4 people

Affects		Status	Importance	Assigned to	Milestone
	openjdk-6 (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

See also:

https://bugster.forgerock.org/jira/browse/OPENDJ-461

How to reproduce:

Install (for example) Hudson CI 2.2.0 and activate the SSL port. Here is the config:

NAME=hudson
JAVA=/usr/lib/jvm/java-1.6.0-openjdk/bin/java
JAVA_ARGS="-Xmx512M -XX:+UseG1GC -Dcom.sun.management.jmxremote.port=18189 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Djavax.net.debug=ssl,handshake"
PIDFILE=/var/run/hudson/hudson.pid
HUDSON_USER=hudson
HUDSON_WAR=/usr/share/hudson/hudson.war
HUDSON_HOME=/var/lib/hudson
RUN_STANDALONE=true
HUDSON_LOG=/var/log/hudson/$NAME.log
MAXOPENFILES=8192
HTTP_PORT=9087
AJP_PORT=-1
HUDSON_ARGS="--webroot=/var/run/hudson/war --httpsPort=$((HTTP_PORT+1)) --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT "

Then try to connect using wget, curl or apache reverse proxy and you'll get in hudson.log:

RequestHandlerThread[#5], handling exception: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
RequestHandlerThread[#5], IOException in getSession(): javax.net.ssl.SSLException: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID

Curl outputs:

curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

Current openjdk-7-jre is also affected.

Using my own java 7 build (built against Ubuntu 11.10) works flawlessly on 12.04 (NOT icedtea based, just built using java 7 sources and using java 6 binaries). It is available at https://build.opensuse.org/package/show?package=optjdk7&project=home%3Akalium%3Atest .

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: openjdk-6-jre 6b24-1.11.1-4ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
Uname: Linux 3.2.0-23-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu5
Architecture: amd64
Date: Thu Apr 26 22:46:39 2012
EcryptfsInUse: Yes
ProcEnviron:
TERM=xterm
SHELL=/bin/bash
PATH=(custom, user)
LANG=de_DE.UTF-8
LANGUAGE=de:en
SourcePackage: openjdk-6
UpgradeStatus: Upgraded to precise on 2012-02-12 (74 days ago)

Tags:

Revision history for this message

Cinquero (cinquero) wrote on 2012-04-26:

Dependencies.txt Edit (3.0 KiB, text/plain; charset="utf-8")

Changed in openjdk-6 (Ubuntu):
status:	New → Confirmed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Dependencies.txt Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuopenjdk-6 package