Issue with SSL and java-1.8.0-openjdk 91-1.b14

Hi, I started having an issue with Jetty SSL connections after upgrading java-1.8.0-openjdk from 77-0.b03 to 91-1.b14.
(RHEL 6.7 x86_64)

The Jetty server is a basic server instance running nothing except the server itself.
I can connect with browsers, without issue, to either version.

After turning on server SSL debugging (-Djavax.net.debug=ssl,handshake,data), the error manifests with the following exception (full trace below):
java.lang.RuntimeException: Could not generate DH keypair
Caused By:
java.security.InvalidAlgorithmParameterException: Unknown curve name: 1.3.132.0.39

As mentioned, there is no issue with java-1.8.0-openjdk.77-0.b03. I assume that 77-b03 ignores the unknown curve names.

For my client, I am testing with OpenSSL 1.0.1t built from source. (Same issue when using 1.0.1e.)
The command I am using is:
openssl s_client -connect {host:port}
Note that the 1.0.1e-fips version of openssl, as downloaded from RHEL, does not fail, as it only offers the following EC names:
{secp521r1, secp384r1, secp256r1}

I cannot actually compare the SSL debug output from 77-b03, because when I turn on the java.net.ssl debugging in that version, it fails with a different error.

Any help with ideas on where to go from here would be greatly appreciated!
Thanks.


Server trace:

*** ClientHello, TLSv1.2
RandomCookie: GMT: -957664599 bytes = { 181, 238, 244, 18, 108, 193, 14, 211, 128, 99, 146, 65, 9, 16, 229, 110, 14, 190, 131, 50, 111, 108, 28, 42, 76, 145, 106, 23 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_SEED_CBC_SHA, TLS_DHE_DSS_WITH_SEED_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_SEED_CBC_SHA, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_RSA_WITH_IDEA_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 
TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {1.3.132.0.39, 1.3.132.0.38, secp521r1, 1.3.132.0.36, 1.3.132.0.37, secp384r1, 1.3.132.0.16, 1.3.132.0.17, 1.3.132.0.10, secp256r1, 1.3.132.0.3, 1.3.132.0.26, 1.3.132.0.27, 1.3.132.0.32, 1.3.132.0.33, 1.3.132.0.24, 1.3.132.0.25, 1.3.132.0.31, 1.2.840.10045.3.1.1, 1.3.132.0.1, 1.3.132.0.2, 1.3.132.0.15, 1.3.132.0.9, 1.3.132.0.8, 1.3.132.0.30}
Unsupported extension type_35, data:
Extension signature_algorithms, signature_algorithms: SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA256withRSA, Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA224withRSA, Unknown (hash:0x3, signature:0x2), SHA224withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA
Unsupported extension type_15, data: 01


[read] MD5 and SHA1 hashes: len = 286
0000: 01 00 01 1A 03 03 C7 EB 33 A9 B5 EE F4 12 6C C1 ........3.....l.
{omitted....}
0110: 02 03 03 02 01 02 02 02 03 00 0F 00 01 01 ..............
%% Initialized: [Session-2, SSL_NULL_WITH_NULL_NULL]
qtp1793329556-15, fatal error: 80: problem unwrapping net record
java.lang.RuntimeException: Could not generate DH keypair
%% Invalidated: [Session-2, SSL_NULL_WITH_NULL_NULL]
qtp1793329556-15, SEND TLSv1.2 ALERT: fatal, description = internal_error
qtp1793329556-15, WRITE: TLSv1.2 Alert, length = 2
2016-05-26 11:37:34.420:DBUG:oeji.AbstractEndPoint:qtp1793329556-15: onClose SelectChannelEndPoint@2fe19cb7{/192.168.122.1:56325<->8083,CLOSED,in,out,-,-,5/30000,SslConnection}{io=0,kio=0,kro=1}
2016-05-26 11:37:34.420:DBUG:oeji.ChannelEndPoint:qtp1793329556-15: close SelectChannelEndPoint@2fe19cb7{/192.168.122.1:56325<->8083,CLOSED,in,out,-,-,5/30000,SslConnection}{io=0,kio=0,kro=1}
2016-05-26 11:37:34.420:DBUG:oeji.SelectorManager:qtp1793329556-15: Destroyed SelectChannelEndPoint@2fe19cb7{/192.168.122.1:56325<->8083,CLOSED,ISHUT,OSHUT,-,-,5/30000,SslConnection}{io=0,kio=-1,kro=-1}
2016-05-26 11:37:34.420:DBUG:oeji.AbstractConnection:qtp1793329556-15: onClose HttpConnection@1a9c6107{FILLING}
2016-05-26 11:37:34.420:DBUG:oeji.AbstractConnection:qtp1793329556-15: onClose SslConnection@51bfec3{NEED_WRAP,eio=0/-1,di=-1} -> HttpConnection@1a9c6107{FILLING}
2016-05-26 11:37:34.420:DBUG:oeji.AbstractEndPoint:qtp1793329556-15: onClose SelectChannelEndPoint@2fe19cb7{/192.168.122.1:56325<->8083,CLOSED,ISHUT,OSHUT,-,-,5/30000,SslConnection}{io=0,kio=-1,kro=-1}
2016-05-26 11:37:34.421:DBUG:oejis.SslConnection:qtp1793329556-15: SslConnection@51bfec3{NEED_WRAP,eio=-1/-1,di=-1} -> HttpConnection@1a9c6107{FILLING} fill exit
2016-05-26 11:37:34.421:DBUG:oejis.SslConnection:qtp1793329556-10-selector-ServerConnectorManager@75828a0f/0: onFillable exit DecryptedEndPoint@7ffc0c83{/192.168.122.1:56325<->8083,CLOSED,ISHUT,OSHUT,-,-,9/30000,HttpConnection}->SelectChannelEndPoint@2fe19cb7{/192.168.122.1:56325<->8083,CLOSED,ISHUT,OSHUT,-,-,6/30000,SslConnection}{io=0,kio=-1,kro=-1}
2016-05-26 11:37:34.421:DBUG:oeji.AbstractConnection:qtp1793329556-10-selector-ServerConnectorManager@75828a0f/0: FILLING-->IDLE SslConnection@51bfec3{NEED_WRAP,eio=-1/-1,di=-1} -> HttpConnection@1a9c6107{FILLING}
2016-05-26 11:37:34.421:DBUG:oeji.SelectorManager:qtp1793329556-10-selector-ServerConnectorManager@75828a0f/0: Ignoring cancelled key for channel java.nio.channels.SocketChannel[closed]
2016-05-26 11:37:34.421:DBUG:oeji.SelectorManager:qtp1793329556-10-selector-ServerConnectorManager@75828a0f/0: Running change org.eclipse.jetty.io.SelectChannelEndPoint$1@75a0bd69
2016-05-26 11:37:34.421:DBUG:oeji.SelectorManager:qtp1793329556-10-selector-ServerConnectorManager@75828a0f/0: Selector loop waiting on select
2016-05-26 11:37:34.421:DBUG:oejs.HttpConnection:qtp1793329556-15:
java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1429)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:516)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:239)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)
Caused by:
java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:68)
at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1432)
at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1219)
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1023)
at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:738)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:612)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:239)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)
Caused by:
java.security.InvalidAlgorithmParameterException: Unknown curve name: 1.3.132.0.39
at sun.security.ec.ECKeyPairGenerator.initialize(ECKeyPairGenerator.java:100)
at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:674)
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63)
at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1432)
at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1219)
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1023)
at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:738)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:612)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:239)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)

Responses

For comparison, I have downloaded and run with the Oracle JVM 1.8.0 u91 and u92, and both run without issue.

This looks to me like a regression of an earlier issue [0].

The OpenJDK builds support elliptic curve cryptography using the NSS library which provides only 3 curves: secp521r1, secp384r1 and secp256r1. These are the ones with names in the above, rather than the dotted notation.

OpenJDK should be being patched to reduce the list of curves announced over SSL, but it looks like this patch wasn't forward-ported to the OpenJDK 8 builds, which is why it's now offering something it can't actually provide. My apologies for this.

I'm going to re-open RH1022017 as a java-1.8.0-openjdk bug to try and get this fixed.

[0] https://bugzilla.redhat.com/show_bug.cgi?id=1022017
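
To check on a given JVM which of the curves offered in the ClientHello above its EC provider can actually generate keys for, the following probe repeats the call that fails in the trace (`KeyPairGenerator.initialize` with a curve name or OID). It is an added example, not part of the original posts or of OpenJDK; the class name `CurveProbe` is hypothetical and the curve list is copied from the `elliptic_curves` line in the server trace.

```java
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.List;

public class CurveProbe {
    // The elliptic_curves line from the ClientHello in the server trace above.
    static final String DEBUG_LINE = "Extension elliptic_curves, curve names: {"
        + "1.3.132.0.39, 1.3.132.0.38, secp521r1, 1.3.132.0.36, 1.3.132.0.37, "
        + "secp384r1, 1.3.132.0.16, 1.3.132.0.17, 1.3.132.0.10, secp256r1, "
        + "1.3.132.0.3, 1.3.132.0.26, 1.3.132.0.27, 1.3.132.0.32, 1.3.132.0.33, "
        + "1.3.132.0.24, 1.3.132.0.25, 1.3.132.0.31, 1.2.840.10045.3.1.1, "
        + "1.3.132.0.1, 1.3.132.0.2, 1.3.132.0.15, 1.3.132.0.9, 1.3.132.0.8, "
        + "1.3.132.0.30}";

    /** Returns the curve identifiers between '{' and '}', in client preference order. */
    static List<String> parseCurves(String line) {
        List<String> curves = new ArrayList<>();
        int open = line.indexOf('{');
        int close = line.lastIndexOf('}');
        if (open < 0 || close < open) {
            return curves; // not an elliptic_curves debug line
        }
        for (String item : line.substring(open + 1, close).split(",")) {
            if (!item.trim().isEmpty()) {
                curves.add(item.trim());
            }
        }
        return curves;
    }

    /** True if the default EC KeyPairGenerator accepts this curve name or OID. */
    static boolean canGenerate(String curve) throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        try {
            kpg.initialize(new ECGenParameterSpec(curve));
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            return false; // e.g. "Unknown curve name: 1.3.132.0.39"
        }
    }

    public static void main(String[] args) throws Exception {
        String line = args.length > 0 ? args[0] : DEBUG_LINE;
        System.out.println("java.version = " + System.getProperty("java.version"));
        for (String curve : parseCurves(line)) {
            System.out.printf("%-22s %s%n", curve,
                canGenerate(curve) ? "ok" : "UNSUPPORTED by EC provider");
        }
    }
}
```

Compile with `javac CurveProbe.java` and run it with the same `java` binary that starts Jetty; a different `elliptic_curves` debug line can be passed as the first argument.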