Bug 1022950
Summary: | java.lang.RuntimeException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Michal Haško <mhasko> |
Component: | java-1.7.0-openjdk | Assignee: | Andrew John Hughes <ahughes> |
Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE - Apps <qe-baseos-apps> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.5 | CC: | chuffman, dbhole, hkario, hmiles, jesusr, pslavice, tg |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | 1008456 | Environment: | |
Last Closed: | 2014-03-13 13:59:25 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1008456 | ||
Bug Blocks: | 1056252 |
Description
Michal Haško
2013-10-24 10:44:13 UTC
Assigning to Andrew to take a look. This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux. "This is *only* reproducible on JDK7, not on JDK7." Err... that comment makes no sense :) This is caused by ECC differences in supported algorithms, and a bug on the Java™ side causing the server to always offer ECC even if it finds no suitable curves. Potential workarounds are: • switch to Sun’s ECC implementation instead of the one using NSS • disable ECC completely I’ve used the latter. Accessing the server with cURL vs. GNU wget showing different behaviour is most likely due to them using diverging crypto libraries; for example, I could connect to a server suffering from the bug just fine from a MirBSD system, whose OpenSSL does not include any ECC, so the bug did not trigger. Reference: https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1006776 Related RH bug: https://bugzilla.redhat.com/show_bug.cgi?id=1022017 |