1348525 – OpenJDK should report the elliptic curves supported by NSS, not the SunEC library

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1348525 - OpenJDK should report the elliptic curves supported by NSS, not the SunEC library

Summary: OpenJDK should report the elliptic curves supported by NSS, not the SunEC lib...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	java-1.8.0-openjdk
Sub Component:
Version:	6.5
Hardware:	Unspecified
OS:	Linux
Priority:	high
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Andrew John Hughes
QA Contact:	Lukáš Zachar
Docs Contact:
URL:
Whiteboard:
Depends On:	1022017
Blocks:
TreeView+	depends on / blocked

Reported:	2016-06-21 11:43 UTC by Marcel Kolaja
Modified:	2019-11-14 08:27 UTC (History)
CC List:	18 users (show)
Fixed In Version:	java-1.8.0-openjdk-1.8.0.91-3.b14.el6_8
Doc Type:	Bug Fix
Doc Text:	Prior to this update, a list of elliptic curves provided by an OpenJDK Secure Sockets Layer (SSL) server to a client included some elliptic curves that were not supported. As a consequence, the connection failed when the client selected an unsupported elliptic curve from the list. This update fixes the list of elliptic curves reported by OpenJDK to match the ones OpenJDK can provide. As a result, the connection no longer fails in the described situation.
Clone Of:	1022017
Environment:
Last Closed:	2016-07-12 18:36:43 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Icedtea Bugzilla	1834	0	None	None	None	2016-06-21 11:43:21 UTC
Red Hat Product Errata	RHBA-2016:1409	0	normal	SHIPPED_LIVE	java-1.8.0-openjdk bug fix update	2016-07-12 22:32:43 UTC

Description Marcel Kolaja 2016-06-21 11:43:12 UTC

This bug has been copied from bug #1022017 and has been proposed
to be backported to 6.8 z-stream (EUS).

Comment 5 Andrew John Hughes 2016-06-21 23:48:46 UTC

To replicate:

1. Set up a Java TLSv1.2 server and run using -Djavax.net.debug=ssl,handshake
2. Connect using openssl s_client -curves prime192v1 -connect <host>:<port>

The OpenSSL installation needs to support additional curves (I couldn't replicate the issue with the RHEL 6.8 one as it only supports the same three curves that our OpenJDK build does). The above -curves command to OpenSSL restricts it to passing just:

Extension elliptic_curves, curve names: {1.2.840.10045.3.1.1}

to the server rather than a full list of all curves.

The issue is that OpenJDK's SunEC provider with NSS doesn't support prime192v1, yet the unpatched Java code believes it does.

On unpatched, the connection fails when it thinks it can use its first preference cipher, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, but the actual
key generation throws an exception:

%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: rsakey
main, handling exception: java.lang.RuntimeException: Could not generate DH keypair
%% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]
main, SEND TLSv1.2 ALERT:  fatal, description = internal_error

On patched, it realises they share no supported curves, and so downgrades to a non-ECC connection which works:

%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: rsakey
matching alias: usaduke
matching alias: dsakey
%% Negotiating:  [Session-1, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384]

Comment 6 Hubert Kario 2016-06-22 09:57:13 UTC

I've created a quick reproducer that requires just python and few pure-python libraries that tests that:

https://github.com/tomato42/tlsfuzzer/blob/ecdhe-curves/scripts/test-unsupported-cuve-fallback.py

Usage: https://github.com/tomato42/tlsfuzzer/tree/ecdhe-curves#usage

Please contact me if you plan to use it in RHEL QA.

Comment 9 errata-xmlrpc 2016-07-12 18:36:43 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1409

Note You need to log in before you can comment on or make changes to this bug.