NPE in SupportedGroupsExtension
Thomas Lußnig
openjdk at suche.org
Thu Aug 23 22:27:24 UTC 2018
Hi,
i enabled the logging but did not receive more usefull information.
Maybe an hint how i get this NPE, i run an SSL Scan on
"https://www.ssllabs.com/ssltest/analyze.html".
And the check that cause the error contain an list of elliptical curves
that are not all known i think.
Gruß Thomas
And the Client Hello was:
<e protocol='TLSv1.2 TLSv1.2' greaseExt='0' extTypes='server_name
elliptic_curves ec_point_formats signature_algorithms' greaseSuite='0'
suites='TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_EMPTY_RENEGOTIATION_INFO_SCSV'
greaseCurves='0' curves='sect163k1{TLSv1.3 sect163r1{TLSv1.3
sect163r2{TLSv1.3 sect193r1{TLSv1.3 sect193r2{TLSv1.3 sect233k1{TLSv1.3
sect233r1{TLSv1.3 sect239k1{TLSv1.3 sect283k1{TLSv1.3 sect283r1{TLSv1.3
sect409k1{TLSv1.3 sect409r1{TLSv1.3 sect571k1{TLSv1.3 sect571r1{TLSv1.3
secp160k1{TLSv1.3 secp160r1{TLSv1.3 secp160r2{TLSv1.3 secp192k1{TLSv1.3
secp192r1{TLSv1.3 secp224k1{TLSv1.3 secp224r1{TLSv1.3 secp256k1{TLSv1.3
secp256r1 secp384r1 secp521r1 brainpoolP256r1 brainpoolP384r1
brainpoolP512r1 ecdh_x25519 ecdh_x448 ffdhe2048 ffdhe3072 ffdhe4096
ffdhe6144 ffdhe8192' sigAlg='RSASSA-PSS_SHA256 ED25519 SHA512withRSA
SHA512withDSA SHA512withECDSA SHA384withRSA SHA384withDSA
SHA384withECDSA SHA256withRSA SHA256withDSA SHA256withECDSA
SHA224withRSA SHA224withDSA SHA224withECDSA SHA1withRSA SHA1withDSA
SHA1withECDSA' points='uncompressed' compress='0' sni='1'/>
Hello.HEX=16030300C7010000C303035B7F325CC478E2CA4D83FF330D9771AD28CE4F1F36320859B416B1C5393CE57700000EC02CC00AC028C014C024C03000FF0100008C0000000E000C00000973756368652E6F7267000A00480046000100020003000400050006000700080009000A000B000C000D000E000F0010001100120013001400150016001700180019001A001B001C001D001E01000101010201030104000B00020100000D0024002208040807060106020603050105020503040104020403030103020303020102020203
java.lang.NullPointerException
at
java.base/sun.security.ssl.SupportedGroupsExtension$SupportedGroups.getECGenParamSpec(SupportedGroupsExtension.java:676)
at
java.base/sun.security.ssl.SupportedGroupsExtension$NamedGroup.getParameterSpec(SupportedGroupsExtension.java:454)
at
java.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossession.<init>(ECDHKeyExchange.java:111)
at
java.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossessionGenerator.createPossession(ECDHKeyExchange.java:231)
at
java.base/sun.security.ssl.SSLKeyExchange$T12KeyAgreement.createPossession(SSLKeyExchange.java:357)
at
java.base/sun.security.ssl.SSLKeyExchange.createPossessions(SSLKeyExchange.java:88)
at
java.base/sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:429)
at
java.base/sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:290)
at
java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:429)
at
java.base/sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1066)
at
java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:833)
at
java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:792)
at
java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:390)
at
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:445)
at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:978)
at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:958)
at java.base/java.security.AccessController.doPrivileged(Native
Method)
at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:926)
On 24.08.2018 00:00:41, Jamil Nimeh wrote:
> Hi Thomas, can you reproduce the issue with debug logging turned on?
> It may be helpful in conjunction with the stack trace you've
> provided. You should be able to turn it on with -Djavax.net.debug=ssl
>
> Thanks,
> --Jamil
>
> On 8/23/2018 2:41 PM, Thomas Lußnig wrote:
>> Hi,
>>
>> i got these NPE on my Server. With Java:
>>
>> openjdk 11-ea 2018-09-25
>> OpenJDK Runtime Environment 18.9 (build 11-ea+25)
>> OpenJDK 64-Bit Server VM 18.9 (build 11-ea+25, mixed mode)
>>
>> java.lang.NullPointerException
>> at
>> java.base/sun.security.ssl.SupportedGroupsExtension$SupportedGroups.getECGenParamSpec(SupportedGroupsExtension.java:676)
>> at
>> java.base/sun.security.ssl.SupportedGroupsExtension$NamedGroup.getParameterSpec(SupportedGroupsExtension.java:454)
>> at
>> java.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossession.<init>(ECDHKeyExchange.java:111)
>> at
>> java.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossessionGenerator.createPossession(ECDHKeyExchange.java:231)
>> at
>> java.base/sun.security.ssl.SSLKeyExchange$T12KeyAgreement.createPossession(SSLKeyExchange.java:357)
>> at
>> java.base/sun.security.ssl.SSLKeyExchange.createPossessions(SSLKeyExchange.java:88)
>> at
>> java.base/sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:429)
>> at
>> java.base/sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:290)
>> at
>> java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:429)
>> at
>> java.base/sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1066)
>> at
>> java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:833)
>> at
>> java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:792)
>> at
>> java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:390)
>> at
>> java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:445)
>> at
>> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:978)
>> at
>> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:958)
>> at
>> java.base/java.security.AccessController.doPrivileged(Native Method)
>> at
>> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:926)
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20180824/667bbe49/attachment.htm>
More information about the security-dev
mailing list