Public bug reported:

Tested with the puppetserver package (version 2.2.0-1puppetlabs1).


When running:

$ openssl s_client -showcerts -connect "$(hostname -f):8140"


The following Java exception is thrown in the puppetserver:


2017-05-16 14:20:42,835 WARN  [qtp1887840931-59] [o.e.j.u.t.QueuedThreadPool]
java.lang.ExceptionInInitializerError: null
        at sun.security.ssl.HelloExtensions.<init>(HelloExtensions.java:85) ~[na:1.7.0_131]
        at sun.security.ssl.HandshakeMessage$ClientHello.<init>(HandshakeMessage.java:240) ~[na:1.7.0_131]
        at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:219) ~[na:1.7.0_131]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961) ~[na:1.7.0_131]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:901) ~[na:1.7.0_131]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:899) ~[na:1.7.0_131]
        at java.security.AccessController.doPrivileged(Native Method) ~[na:1.7.0_131]
        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1333) ~[na:1.7.0_131]
        at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:612) ~[puppet-server-release.jar:na]
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:239) ~[puppet-server-release.jar:na]
        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540) ~[puppet-server-release.jar:na]
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) ~[puppet-server-release.jar:na]
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) ~[puppet-server-release.jar:na]
        at java.lang.Thread.run(Thread.java:745) [na:1.7.0_131]
Caused by: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves
        at sun.security.ssl.SupportedEllipticCurvesExtension.<clinit>(SupportedEllipticCurvesExtension.java:154) ~[na:1.7.0_131]
        ... 14 common frames omitted


This bug seems to be the same as the one described in:
- https://bugzilla.redhat.com/show_bug.cgi?id=1422738
- https://bugs.openjdk.java.net/browse/JDK-8173783
- http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3329


It looks like this was introduced by adding open-jdk 7u131-2.6.9-0 to
http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/pool/main/o/openjdk-7/


We are working around this issue by downgrading openjdk-7-jre-headless to
7u121-2.6.8-1, i.e.:

$ curl -LO http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/pool/main/o/openjdk-7/openjdk-7-jre-headless_7u121-2.6.8-1ubuntu0.14.04.3_amd64.deb
$ dpkg -i openjdk-7-jre-headless_7u121-2.6.8-1ubuntu0.14.04.3_amd64.deb
$ update-alternatives --install /usr/bin/java java /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java 1
$ service puppetserver restart


----


> We also need:
> 1) The release of Ubuntu you are using, via 'lsb_release -rd' or System -> 
> About Ubuntu

$ lsb_release -rd
Description:    Ubuntu 14.04.5 LTS
Release:        14.04

> 2) The version of the package you are using, via 'apt-cache policy
> pkgname' or by checking in Software Center

$ apt-cache policy openjdk-7-jre-headless
openjdk-7-jre-headless:
  Installed: 7u131-2.6.9-0ubuntu0.14.04.1
  Candidate: 7u131-2.6.9-0ubuntu0.14.04.1
  Version table:
 *** 7u131-2.6.9-0ubuntu0.14.04.1 0
        500 http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     7u51-2.4.6-1ubuntu4 0
        500 http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

> 3) What you expected to happen

We expected this command to return certificate information for a web
server:

$ openssl s_client -showcerts -connect "$(hostname -f):8140"

> 4) What happened instead

The command failed and the webserver had a Java stack trace (see above).

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: openjdk-7-jre-headless 7u131-2.6.9-0ubuntu0.14.04.1
ProcVersionSignature: Ubuntu 3.19.0-58.64~14.04.1-generic 3.19.8-ckt16
Uname: Linux 3.19.0-58-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.23
Architecture: amd64
Date: Tue May 16 14:21:01 2017
Ec2AMI: ami-30b59b43
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: eu-west-1a
Ec2InstanceType: t2.small
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
ProcEnviron:
 TERM=screen-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: openjdk-7
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: openjdk-7 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug ec2-images trusty

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1691126

Title:
  java.lang.IllegalArgumentException: System property
  jdk.tls.namedGroups(null) contains no supported elliptic curves
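
Added example, not part of the original report or of any project's code: a shell triage helper that finds log entries carrying the reported "Caused by:" signature and checks whether apt-cache policy output shows the package version from the report. The function names, the temporary sample file and the INFO log line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original report.
# Signature copied from the "Caused by:" line of the reported stack trace.
SIG='jdk.tls.namedGroups(null) contains no supported elliptic curves'
# Package version the report shows as installed when the failure occurred.
REPORTED_VERSION='7u131-2.6.9-0ubuntu0.14.04.1'

# Print "<date> <time> <thread>" for each log entry whose trace carries SIG.
# A trace spans many lines, so remember the latest entry header (a line that
# starts with a date) and report it once when the cause line appears.
find_namedgroups_failures() {
    awk -v sig="$SIG" '
        /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] / {
            ts = $1 " " $2; thread = $4; reported = 0
            gsub(/\[|\]/, "", thread)
            next
        }
        ts != "" && !reported && index($0, sig) { print ts, thread; reported = 1 }
    ' "$1"
}

# Read `apt-cache policy openjdk-7-jre-headless` output on stdin; succeed
# only if the Installed: line names the version from the report.
installed_is_reported_version() {
    installed=$(awk '$1 == "Installed:" { print $2; exit }')
    [ "$installed" = "$REPORTED_VERSION" ]
}

# Constructed sample: the report's trace, unwrapped and shortened, plus one
# made-up INFO entry that must not be reported.
make_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
2017-05-16 14:20:40,101 INFO  [main] [example.Constructed] constructed entry
2017-05-16 14:20:42,835 WARN  [qtp1887840931-59] [o.e.j.u.t.QueuedThreadPool]
java.lang.ExceptionInInitializerError: null
        at sun.security.ssl.HelloExtensions.<init>(HelloExtensions.java:85) ~[na:1.7.0_131]
Caused by: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves
        ... 14 common frames omitted
EOF
    echo "$f"
}

log=$(make_sample_log)
find_namedgroups_failures "$log"
rm -f "$log"
```

Each reported entry is one TLS handshake that failed on the server, so the entry count over time shows how many agent connections were refused.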
