Launchpad has imported 42 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=1022017.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://he
** Changed in: centos
Status: Unknown => Fix Released
** Changed in: centos
Importance: Unknown => Critical
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1006776
Title:
openjdk-6-jdk ssl
Some feedback on this bug as I worked on it from the RH side.
* The OpenJDK Java code for elliptic curve support in SSL uses a list of curves
based on the in-tree code used by Oracle.
* The actual curves supported by the system version of NSS used on most
distributions is much shorter; it's basi
Also tracked in Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=1022017
The bug is apparently caused by a change in NSS (not Java™) adding
partial/incomplete ECC support.
** Bug watch added: Red Hat Bugzilla #1022017
https://bugzilla.redhat.com/show_bug.cgi?id=1022017
** Also affects: ce
Just debugged this on OpenJDK 7, Tomcat 7, Debian wheezy.
The workaround to comment out the line
security.provider.9=sun.security.pkcs11.SunPKCS11
${java.home}/lib/security/nss.cfg
worked. The line
#security.provider.9=sun.security.ec.SunEC
was already commented out, since this is the nōn-free
I get this error using a self-signed cert for localhost, but not when
using a self-signed cert for another domain and setting my hosts file to
point that domain to localhost
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.
** Description changed:
Ununtu 12.04 LTS
openjdk-6-jdk:
- Installed: 6b24-1.11.1-4ubuntu3
- Candidate: 6b24-1.11.1-4ubuntu3
- Version table:
- *** 6b24-1.11.1-4ubuntu3 0
- 500 http://za.archive.ubuntu.com/ubuntu/ precise-updates/main i386
Packages
- 100 /var/lib/dpkg
Removing
security.provider.10=sun.security.pkcs11.SunPKCS11
${java.home}/lib/security/nss.cfg
Has solved the problem for us for now.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1006776
Title:
op
btw: the reason it stopped working with openssl1.0 is, that openssl0.9.8 did
only send these ciphers:
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS
yes. I've updated my suggestion above. Please comment out the line like
this:
#security.provider.10=sun.security.pkcs11.SunPKCS11
${java.home}/lib/security/nss.cfg
This completely disables Elliptic Curves so another method is chosen. It
seems SunEC is not available in iced tea builds currently.
#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.securit
Hm. Now I get a java.lang.ClassNotFoundException: sun.security.ec.SunEC
even on openjdk7. I was sure this worked before.
It seems the SunEC provider was added in jdk7, so no way to get this to work in
jdk6, but it should work on openjdk7 at least.
http://docs.oracle.com/javase/7/docs/technotes/gu
hm. This worked on ubuntu 12.04, but not on 10.04 with openjdk-
6_6b20-1.9.13 *sigh*
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1006776
Title:
openjdk-6-jdk ssl negotiation incompatibility
To ma
*Ouch*
I just realized that it is sufficient to modify
/etc/java-6-openjdk/security/java.security so it uses the sun Elliptic
Curve impelementation wich is also included in openjdk.
Just change the line
security.provider.9=sun.security.pkcs11.SunPKCS11
${java.home}/lib/security/nss.cfg
to
securi
Out of curiosity I've further examined the problem. Here my results.
It seems that the used libnss3 only supports these 3 elliptic curves:
secp256r1 secp384r1 and secp521r1
(See source package for libnss3 on ubuntu 12.04
openjdk-6-src/nss-3.13.1.with.ckbi.1.88/mozilla/security/nss/freebl/ec
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: openjdk-7 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1006776
Title:
Same as https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/989240
sun.security.pkcs11.wrapper.PKCS11Exception of CKR_DOMAIN_PARAMS_INVALID
while creating private
// Called by ServerHandshaker for ephemeral ECDH
ECDHCrypt(String curveName, SecureRandom random) {
try {
Same problem exists in openjdk-7u3-2.1.1
** Project changed: openjdk => openjdk-7 (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1006776
Title:
openjdk-6-jdk ssl negotiation incompatibility
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: openjdk-7 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1006776
Title:
** Also affects: openjdk
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1006776
Title:
openjdk-6-jdk ssl negotiation incompatibility
To manage notificatio
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: openjdk-6 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1006776
Title:
21 matches
Mail list logo
