Bug 1422738 - java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves
Summary: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null)...
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: java-1.7.0-openjdk
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 7.4
Assignee: Andrew John Hughes
QA Contact: Lukas Zachar
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-02-16 03:37 UTC by Anu Saji
Modified: 2017-08-01 07:31 UTC (History)
4 users (show)

(edit)
Clone Of:
: 1441826 (view as bug list)
(edit)
Last Closed: 2017-08-01 07:31:55 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
openjdk bug system JDK-8173783 None None None 2017-02-17 06:32 UTC
Icedtea Bugzilla 3329 None None None 2018-12-18 12:17 UTC
Red Hat Product Errata RHBA-2017:2287 normal SHIPPED_LIVE java-1.7.0-openjdk bug fix and enhancement update 2017-08-01 11:26:51 UTC

Description Anu Saji 2017-02-16 03:37:47 UTC
Description of problem:

Seeing following error after  Upgraded java-1.7.0-openjdk from java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el5_11 to java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el5_11


~~~
Exception in thread "RMI TCP Connection(idle)" java.lang.ExceptionInInitializerError
        at sun.security.ssl.HelloExtensions.<init>(HelloExtensions.java:85)
        at sun.security.ssl.HandshakeMessage$ClientHello.<init>(HandshakeMessage.java:240)
        at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:219)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:897)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1033)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342)
        at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:899)
        at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:254)
        at java.io.DataInputStream.readInt(DataInputStream.java:387)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:724)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.access$400(TCPTransport.java:619)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler$1.run(TCPTransport.java:684)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler$1.run(TCPTransport.java:681)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:681)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves
        at sun.security.ssl.SupportedEllipticCurvesExtension.<clinit>(SupportedEllipticCurvesExtension.java:154)
        ... 21 more

Version-Release number of selected component (if applicable):


~~~

Comment 1 Anu Saji 2017-02-16 03:42:23 UTC
The ciphers used -

          String[] ciphers = { "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA","SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA" };


Similar to the Bug reported  here =>https://bugs.openjdk.java.net/browse/JDK-8173783

Is there a plan to backport  the fix  to OPenJDK 7  release ?

Comment 2 Andrew John Hughes 2017-02-17 06:28:59 UTC
Yes: http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3329

Let's move this bug to a newer version of RHEL so we can get ACKs.

Comment 4 Anu Saji 2017-03-01 23:00:36 UTC
Hi,

Are there any update regarding this BZ please?

Regards
Anu

Comment 5 Andrew John Hughes 2017-03-03 06:40:15 UTC
We'll be backporting the patch shortly.

Comment 9 Deepak Bhole 2017-05-16 21:41:22 UTC
Hi Lukas, Should this be assigned to you or to Andrew?

Comment 10 Andrew John Hughes 2017-05-17 02:29:17 UTC
This is expected; we don't support NIST P-192 (1.2.840.10045.3.1.1).
See bug http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=469

Comment 11 Lukas Zachar 2017-05-17 07:28:19 UTC
Hm, (In reply to Deepak Bhole from comment #9)
> Hi Lukas, Should this be assigned to you or to Andrew?

Andrew, of course. I guess adding attachment and changing status at once was not a good idea.

(In reply to Andrew John Hughes from comment #10)
> This is expected; we don't support NIST P-192 (1.2.840.10045.3.1.1).
> See bug http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=469

Thank you

So back to ON_QA and cleaning failedQA keyword

Comment 18 errata-xmlrpc 2017-08-01 07:31:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2287


Note You need to log in before you can comment on or make changes to this bug.