Hi, sorry for the problem people are experiencing. Tiago has prepared packages which are undergoing review and testing. I have made these package available in the ubuntu-security-proposed ppa (except for on the armhf architecture) at https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/ .
It would be greatly appreciated if people could test these packages to verify that the address the regression you're seeing. That said, it's important to understand that these still need to be tested, and should not be used in production. Thanks, and again, my apologies. -- You received this bug notification because you are a member of OpenJDK, which is subscribed to openjdk-7 in Ubuntu. https://bugs.launchpad.net/bugs/1691126 Title: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves Status in openjdk-7 package in Ubuntu: Invalid Status in openjdk-7 source package in Trusty: In Progress Bug description: Tested with the puppetserver package (version 2.2.0-1puppetlabs1). When running: $ openssl s_client -showcerts -connect "$(hostname -f):8140" The following java exception is thrown in the puppetserver: 2017-05-16 14:20:42,835 WARN [qtp1887840931-59] [o.e.j.u.t.QueuedThreadPool] java.lang.ExceptionInInitializerError: null at sun.security.ssl.HelloExtensions.<init>(HelloExtensions.java:85) ~[na:1.7.0_131] at sun.security.ssl.HandshakeMessage$ClientHello.<init>(HandshakeMessage.java:240) ~[na:1.7.0_131] at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:219) ~[na:1.7.0_131] at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961) ~[na:1.7.0_131] at sun.security.ssl.Handshaker$1.run(Handshaker.java:901) ~[na:1.7.0_131] at sun.security.ssl.Handshaker$1.run(Handshaker.java:899) ~[na:1.7.0_131] at java.security.AccessController.doPrivileged(Native Method) ~[na:1.7.0_131] at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1333) ~[na:1.7.0_131] at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:612) ~[puppet-server-release.jar:na] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:239) ~[puppet-server-release.jar:na] at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540) ~[puppet-server-release.jar:na] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) ~[puppet-server-release.jar:na] at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) ~[puppet-server-release.jar:na] at java.lang.Thread.run(Thread.java:745) [na:1.7.0_131] Caused by: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves at sun.security.ssl.SupportedEllipticCurvesExtension.<clinit>(SupportedEllipticCurvesExtension.java:154) ~[na:1.7.0_131] ... 14 common frames omitted This bug seems to be the same as the one described in: - https://bugzilla.redhat.com/show_bug.cgi?id=1422738 - https://bugs.openjdk.java.net/browse/JDK-8173783 - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3329 It looks like this was introduced by adding open-jdk 7u131-2.6.9-0 to http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/pool/main/o/openjdk-7/ EDIT: WORKAROUND The original workaround steps no longer work because the required package has been removed from http://eu- west-1.ec2.archive.ubuntu.com/ubuntu/pool/main/o/openjdk-7. The new steps make you use the repository at https://launchpad.net/~openjdk-r/+archive/ubuntu/ppa. $ gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/ apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv DA1A4A13543B466853BAF164EB9B1D8886F44E2A $ echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu trusty main deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu trusty main" > /etc/apt/sources.list.d/openjdk-r-ppa.list $ apt-get update $ apt-get install openjdk-7-jre-headless=7u121-2.6.8-1~14.04 $ service puppetserver restart ---- > We also need: > 1) The release of Ubuntu you are using, via 'lsb_release -rd' or System -> About Ubuntu $ lsb_release -rd Description: Ubuntu 14.04.5 LTS Release: 14.04 > 2) The version of the package you are using, via 'apt-cache policy pkgname' or by checking in Software Center $ apt-cache policy openjdk-7-jre-headless openjdk-7-jre-headless: Installed: 7u131-2.6.9-0ubuntu0.14.04.1 Candidate: 7u131-2.6.9-0ubuntu0.14.04.1 Version table: *** 7u131-2.6.9-0ubuntu0.14.04.1 0 500 http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages 100 /var/lib/dpkg/status 7u51-2.4.6-1ubuntu4 0 500 http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages > 3) What you expected to happen We expected this command to return certificate information for a web server: $ openssl s_client -showcerts -connect "$(hostname -f):8140" > 4) What happened instead The command failed and the webserver had a Java stack trace (see above). ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: openjdk-7-jre-headless 7u131-2.6.9-0ubuntu0.14.04.1 ProcVersionSignature: Ubuntu 3.19.0-58.64~14.04.1-generic 3.19.8-ckt16 Uname: Linux 3.19.0-58-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.23 Architecture: amd64 Date: Tue May 16 14:21:01 2017 Ec2AMI: ami-30b59b43 Ec2AMIManifest: (unknown) Ec2AvailabilityZone: eu-west-1a Ec2InstanceType: t2.small Ec2Kernel: unavailable Ec2Ramdisk: unavailable ProcEnviron: TERM=screen-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openjdk-7 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1691126/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~openjdk Post to : openjdk@lists.launchpad.net Unsubscribe : https://launchpad.net/~openjdk More help : https://help.launchpad.net/ListHelp