Bug 1906862

Summary:	java test in selftest fails
Product:	Red Hat Enterprise Linux 8	Reporter:	Ondrej Moriš <omoris>
Component:	java-1.8.0-openjdk	Assignee:	Andrew John Hughes <ahughes>
Status:	CLOSED ERRATA	QA Contact:	OpenJDK QA <java-qa>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	8.4	CC:	ahughes, dapospis, jandrlik, jvanek, lkonno, mbalao, rlucente, sgehwolf
Target Milestone:	rc	Keywords:	Triaged, ZStream
Target Release:	8.0	Flags:	pm-rhel: mirror+
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	java-1.8.0-openjdk-1.8.0.282.b02-0.2.ea.el8	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:
Clones:	1908784 (view as bug list)		Environment:
Last Closed:	2021-05-18 15:31:11 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	1903942, 1908784

Description Ondrej Moriš 2020-12-11 15:48:58 UTC

Description of problem:

Subtest java.pl fails in the self-test.

Version-Release number of selected component (if applicable):

crypto-policies-20200713-1.git51d1222.el8

How reproducible:

100%

Steps to Reproduce:

1. Build the source rpm and run make check.

Actual results:

tests/java.pl
Java ciphersuites per policy
Checking the Java configuration
Checking policy DEFAULT
Exception in thread "main" java.security.NoSuchAlgorithmException: Default SSLContext not available
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
	at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
	at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
	at CipherList.main(CipherList.java:10)
Could not find TLS_EMPTY_RENEGOTIATION_INFO_SCSV in DEFAULT
make[1]: *** [Makefile:47: check] Error 1

Expected results:

Passed test.

Additional info:

FYI, default ciphers in openjdk changed. It was working in 8.3.

Comment 1 Andrew John Hughes 2020-12-14 19:41:25 UTC

You don't seem to list the Java version above, but from IRC, it was java-1.8.0-openjdk-1:1.8.0.272.b06-0.1.el8

8u272 introduced a new TLS stack, with TLSv1.3 support: https://bugs.openjdk.java.net/browse/JDK-8245468

Comment 3 Severin Gehwolf 2020-12-15 14:53:32 UTC

I had a look at the test. CipherList.java looks like:

import java.net.URL;
import java.io.*;
import javax.net.ssl.*;

public class CipherList
{
  public static void main(String[] args)
  throws Exception
  {
    SSLContext context = SSLContext.getDefault();
    int i;
    SSLSocketFactory sf = context.getSocketFactory();
    String[] cipherSuites = sf.getDefaultCipherSuites();

    for (i=0;i<cipherSuites.length;i++)
    {
      System.out.println(cipherSuites[i]);
    }

    System.exit(0);
  }
}

And it's failing at line 10, which is this:

SSLContext context = SSLContext.getDefault();

with:
Exception in thread "main" java.security.NoSuchAlgorithmException: Default SSLContext not available
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
	at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
	at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
	at CipherList.main(CipherList.java:10)


Note that this output is a red herring:
Could not find TLS_EMPTY_RENEGOTIATION_INFO_SCSV in DEFAULT

Comment 14 jiri vanek 2020-12-17 15:29:22 UTC

 Test is to try initialising SSL with -Djava.security.disableSystemPropertiesFile

Comment 21 Martin Balao 2021-01-12 15:08:16 UTC

*** Bug 1915071 has been marked as a duplicate of this bug. ***

Comment 34 errata-xmlrpc 2021-05-18 15:31:11 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (java-1.8.0-openjdk bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1795