Bug 1422738

Summary:	java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves
Product:	Red Hat Enterprise Linux 7	Reporter:	Anu Saji <asaji>
Component:	java-1.7.0-openjdk	Assignee:	Andrew John Hughes <ahughes>
Status:	CLOSED ERRATA	QA Contact:	Lukáš Zachar <lzachar>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	7.3	CC:	ahughes, dbhole, jvanek, rbost
Target Milestone:	rc
Target Release:	7.4
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	java-1.7.0-openjdk-1.7.0.131-2.6.9.3.el7	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:
Clones:	1441826 (view as bug list)		Environment:
Last Closed:	2017-08-01 07:31:55 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Anu Saji 2017-02-16 03:37:47 UTC

Description of problem:

Seeing following error after  Upgraded java-1.7.0-openjdk from java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el5_11 to java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el5_11


~~~
Exception in thread "RMI TCP Connection(idle)" java.lang.ExceptionInInitializerError
        at sun.security.ssl.HelloExtensions.<init>(HelloExtensions.java:85)
        at sun.security.ssl.HandshakeMessage$ClientHello.<init>(HandshakeMessage.java:240)
        at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:219)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:897)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1033)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342)
        at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:899)
        at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:254)
        at java.io.DataInputStream.readInt(DataInputStream.java:387)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:724)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.access$400(TCPTransport.java:619)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler$1.run(TCPTransport.java:684)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler$1.run(TCPTransport.java:681)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:681)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves
        at sun.security.ssl.SupportedEllipticCurvesExtension.<clinit>(SupportedEllipticCurvesExtension.java:154)
        ... 21 more

Version-Release number of selected component (if applicable):


~~~

Comment 1 Anu Saji 2017-02-16 03:42:23 UTC

The ciphers used -

          String[] ciphers = { "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA","SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA" };


Similar to the Bug reported  here =>https://bugs.openjdk.java.net/browse/JDK-8173783

Is there a plan to backport  the fix  to OPenJDK 7  release ?

Comment 2 Andrew John Hughes 2017-02-17 06:28:59 UTC

Yes: http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3329

Let's move this bug to a newer version of RHEL so we can get ACKs.

Comment 4 Anu Saji 2017-03-01 23:00:36 UTC

Hi,

Are there any update regarding this BZ please?

Regards
Anu

Comment 5 Andrew John Hughes 2017-03-03 06:40:15 UTC

We'll be backporting the patch shortly.

Comment 9 Deepak Bhole 2017-05-16 21:41:22 UTC

Hi Lukas, Should this be assigned to you or to Andrew?

Comment 10 Andrew John Hughes 2017-05-17 02:29:17 UTC

This is expected; we don't support NIST P-192 (1.2.840.10045.3.1.1).
See bug http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=469

Comment 11 Lukáš Zachar 2017-05-17 07:28:19 UTC

Hm, (In reply to Deepak Bhole from comment #9)
> Hi Lukas, Should this be assigned to you or to Andrew?

Andrew, of course. I guess adding attachment and changing status at once was not a good idea.

(In reply to Andrew John Hughes from comment #10)
> This is expected; we don't support NIST P-192 (1.2.840.10045.3.1.1).
> See bug http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=469

Thank you

So back to ON_QA and cleaning failedQA keyword

Comment 18 errata-xmlrpc 2017-08-01 07:31:55 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2287