Bug 1348525 - OpenJDK should report the elliptic curves supported by NSS, not the SunEC library
Summary: OpenJDK should report the elliptic curves supported by NSS, not the SunEC lib...
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: java-1.8.0-openjdk
Version: 6.5
Hardware: Unspecified
OS: Linux
high
urgent
Target Milestone: rc
: ---
Assignee: Andrew John Hughes
QA Contact: Lukas Zachar
URL:
Whiteboard:
Keywords: Reopened, ZStream
Depends On: 1022017
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-06-21 11:43 UTC by Marcel Kolaja
Modified: 2016-07-12 18:36 UTC (History)
18 users (show)

(edit)
Prior to this update, a list of elliptic curves provided by an OpenJDK Secure Sockets Layer (SSL) server to a client included some elliptic curves that were not supported. As a consequence, the connection failed when the client selected an unsupported elliptic curve from the list. This update fixes the list of elliptic curves reported by OpenJDK to match the ones OpenJDK can provide. As a result, the connection no longer fails in the described situation.
Clone Of: 1022017
(edit)
Last Closed: 2016-07-12 18:36:43 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1409 normal SHIPPED_LIVE java-1.8.0-openjdk bug fix update 2016-07-12 22:32:43 UTC
Icedtea Bugzilla 1834 None None None 2016-06-21 11:43 UTC

Description Marcel Kolaja 2016-06-21 11:43:12 UTC
This bug has been copied from bug #1022017 and has been proposed
to be backported to 6.8 z-stream (EUS).

Comment 5 Andrew John Hughes 2016-06-21 23:48:46 UTC
To replicate:

1. Set up a Java TLSv1.2 server and run using -Djavax.net.debug=ssl,handshake
2. Connect using openssl s_client -curves prime192v1 -connect <host>:<port>

The OpenSSL installation needs to support additional curves (I couldn't replicate the issue with the RHEL 6.8 one as it only supports the same three curves that our OpenJDK build does). The above -curves command to OpenSSL restricts it to passing just:

Extension elliptic_curves, curve names: {1.2.840.10045.3.1.1}

to the server rather than a full list of all curves.

The issue is that OpenJDK's SunEC provider with NSS doesn't support prime192v1, yet the unpatched Java code believes it does.

On unpatched, the connection fails when it thinks it can use its first preference cipher, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, but the actual
key generation throws an exception:

%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: rsakey
main, handling exception: java.lang.RuntimeException: Could not generate DH keypair
%% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]
main, SEND TLSv1.2 ALERT:  fatal, description = internal_error

On patched, it realises they share no supported curves, and so downgrades to a non-ECC connection which works:

%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: rsakey
matching alias: usaduke
matching alias: dsakey
%% Negotiating:  [Session-1, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384]

Comment 6 Hubert Kario 2016-06-22 09:57:13 UTC
I've created a quick reproducer that requires just python and few pure-python libraries that tests that:

https://github.com/tomato42/tlsfuzzer/blob/ecdhe-curves/scripts/test-unsupported-cuve-fallback.py

Usage: https://github.com/tomato42/tlsfuzzer/tree/ecdhe-curves#usage

Please contact me if you plan to use it in RHEL QA.

Comment 9 errata-xmlrpc 2016-07-12 18:36:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1409


Note You need to log in before you can comment on or make changes to this bug.