Re: NPE in SupportedGroupsExtension

Thomas Lußnig Thu, 23 Aug 2018 15:28:49 -0700

Hi,

i enabled the logging but did not receive more usefull information.

Maybe an hint how i get this NPE, i run an SSL Scan on"https://www.ssllabs.com/ssltest/analyze.html";.And the check that cause the error contain an list of elliptical curvesthat are not all known i think.


Gruß Thomas

And the Client Hello was:

<e protocol='TLSv1.2 TLSv1.2' greaseExt='0' extTypes='server_nameelliptic_curves ec_point_formats signature_algorithms' greaseSuite='0'suites='TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHATLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHATLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_EMPTY_RENEGOTIATION_INFO_SCSV'greaseCurves='0' curves='sect163k1{TLSv1.3 sect163r1{TLSv1.3sect163r2{TLSv1.3 sect193r1{TLSv1.3 sect193r2{TLSv1.3 sect233k1{TLSv1.3sect233r1{TLSv1.3 sect239k1{TLSv1.3 sect283k1{TLSv1.3 sect283r1{TLSv1.3sect409k1{TLSv1.3 sect409r1{TLSv1.3 sect571k1{TLSv1.3 sect571r1{TLSv1.3secp160k1{TLSv1.3 secp160r1{TLSv1.3 secp160r2{TLSv1.3 secp192k1{TLSv1.3secp192r1{TLSv1.3 secp224k1{TLSv1.3 secp224r1{TLSv1.3 secp256k1{TLSv1.3secp256r1 secp384r1 secp521r1 brainpoolP256r1 brainpoolP384r1brainpoolP512r1 ecdh_x25519 ecdh_x448 ffdhe2048 ffdhe3072 ffdhe4096ffdhe6144 ffdhe8192' sigAlg='RSASSA-PSS_SHA256 ED25519 SHA512withRSASHA512withDSA SHA512withECDSA SHA384withRSA SHA384withDSASHA384withECDSA SHA256withRSA SHA256withDSA SHA256withECDSASHA224withRSA SHA224withDSA SHA224withECDSA SHA1withRSA SHA1withDSASHA1withECDSA' points='uncompressed' compress='0' sni='1'/>


Hello.HEX=16030300C7010000C303035B7F325CC478E2CA4D83FF330D9771AD28CE4F1F36320859B416B1C5393CE57700000EC02CC00AC028C014C024C03000FF0100008C0000000E000C00000973756368652E6F7267000A00480046000100020003000400050006000700080009000A000B000C000D000E000F0010001100120013001400150016001700180019001A001B001C001D001E01000101010201030104000B00020100000D0024002208040807060106020603050105020503040104020403030103020303020102020203

java.lang.NullPointerException

atjava.base/sun.security.ssl.SupportedGroupsExtension$SupportedGroups.getECGenParamSpec(SupportedGroupsExtension.java:676) atjava.base/sun.security.ssl.SupportedGroupsExtension$NamedGroup.getParameterSpec(SupportedGroupsExtension.java:454) atjava.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossession.<init>(ECDHKeyExchange.java:111) atjava.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossessionGenerator.createPossession(ECDHKeyExchange.java:231) atjava.base/sun.security.ssl.SSLKeyExchange$T12KeyAgreement.createPossession(SSLKeyExchange.java:357) atjava.base/sun.security.ssl.SSLKeyExchange.createPossessions(SSLKeyExchange.java:88) atjava.base/sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:429) atjava.base/sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:290) atjava.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:429) atjava.base/sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1066) atjava.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:833) atjava.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:792) atjava.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:390) atjava.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:445) atjava.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:978) atjava.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:958) at java.base/java.security.AccessController.doPrivileged(NativeMethod) atjava.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:926)


On 24.08.2018 00:00:41, Jamil Nimeh wrote:

Hi Thomas, can you reproduce the issue with debug logging turned on?It may be helpful in conjunction with the stack trace you'veprovided. You should be able to turn it on with -Djavax.net.debug=ssl
Thanks,
--Jamil

On 8/23/2018 2:41 PM, Thomas Lußnig wrote:
Hi,

i got these NPE on my Server. With Java:

openjdk 11-ea 2018-09-25
OpenJDK Runtime Environment 18.9 (build 11-ea+25)
OpenJDK 64-Bit Server VM 18.9 (build 11-ea+25, mixed mode)

java.lang.NullPointerException
atjava.base/sun.security.ssl.SupportedGroupsExtension$SupportedGroups.getECGenParamSpec(SupportedGroupsExtension.java:676) atjava.base/sun.security.ssl.SupportedGroupsExtension$NamedGroup.getParameterSpec(SupportedGroupsExtension.java:454) atjava.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossession.<init>(ECDHKeyExchange.java:111) atjava.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossessionGenerator.createPossession(ECDHKeyExchange.java:231) atjava.base/sun.security.ssl.SSLKeyExchange$T12KeyAgreement.createPossession(SSLKeyExchange.java:357) atjava.base/sun.security.ssl.SSLKeyExchange.createPossessions(SSLKeyExchange.java:88) atjava.base/sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:429) atjava.base/sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:290) atjava.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:429) atjava.base/sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1066) atjava.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:833) atjava.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:792) atjava.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:390) atjava.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:445) atjava.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:978) atjava.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:958) atjava.base/java.security.AccessController.doPrivileged(Native Method) atjava.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:926)

Re: NPE in SupportedGroupsExtension

Reply via email to