Submit My Question - Recent Questions - Recent Answer
java >> Security >> Java Secure Socket Extension (JSSE)

https exception with java 1.6

Life was good when our clients and server were running java 1.5.X. Now after some of our clients have upgraded to 1.6.0_1, life isn't so good.

I am seeing seemingly random exceptions that appear to be generated down in the guts of the https api layer. I could use your help.

Please, I appreciate any advice.

Here is the setup:

1) Tomcat 5.5.15 with jdk 1.5.0_09

2) Tomcat setup for https and http but https forced. Not using APR...

3) Clients are running jre 1.6.0_01.

4) Clients login and run a fairly large applet.

5) At some random point during the communication (we are serializing plain old java objects) the following exception occurs and all communication with the server is foobar until the browser is restarted. (Refresh doesn't help).

6) the above problem happens quicker for some and not at all for others.

The problem:

The clients are randomly failing (at least it seems that way) with

javax.net.ssl.SSLException: java.lang.NullPointerException

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)

at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)

at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)

at com.mycompany.hm.callq.client.common.HttpMessage.sendPostObject(HttpMessage.java:227)

at com.mycompany.hm.callq.client.common.CallQSerializeData.sendViaHttp(CallQSerializeData.java:132)

at com.mycompany.hm.callq.client.common.SessionMonitor.getSessionInterval(SessionMonitor.java:355)

at com.mycompany.hm.callq.client.common.SessionMonitor.startSessionMonitorTimers(SessionMonitor.java:78)

at com.mycompany.hm.callq.client.common.JDockingApplet.start(JDockingApplet.java:331)

at sun.applet.AppletPanel.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

Caused by: java.lang.NullPointerException

at com.sun.deploy.security.X509ExtendedDeployTrustManager.isSupportedAlgorithm(Unknown Source)

at com.sun.deploy.security.X509ExtendedDeployTrustManager.checkServerTrusted(Unknown Source)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)

at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)

at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

... 13 more

Once this happens, the java cache (apparently) becomes corrupted and must be deleted before the applet can be used (until it randomly fails again). The java console shows unable to load a class that I know exists and is fine...

I'm really hoping someone has some ideas. I'm in the process of seeing if upgrading to 1.6.1 on the server fixes the problem but I've already found one condition that it fails (consistently).

I don't know where to go from here?

-Dennis

[3744 byte] By [AlfredTheGreya] at [2007-11-15]
«« Error with isFile(), getName() and substring()
»» ActionEvent - is it from mouse or keyboard or programaticaly?
# 1

Me too.

JRE 1.5.10 has some caching issue (or I'm doing something braindead) and 1.6.0 randomly throws SSLException NullPointerException.

The 1.6.0 issue happens when run via a Web page or Web Start. Do not see any rhyme or reason to when it tosses, but happens within 10 to 20 https requests.

DrewUnderPaidDevelopera at 2007-7-12 > top of java,Security,Java Secure Socket Extension (JSSE)...
# 2

> Me too.

>

> JRE 1.5.10 has some caching issue (or I'm doing

> something braindead) and 1.6.0 randomly throws

> SSLException NullPointerException.

>

> The 1.6.0 issue happens when run via a Web page or

> Web Start. Do not see any rhyme or reason to when it

> tosses, but happens within 10 to 20 https requests.

Well I'm sorry to hear you are having the problem too, but yet I'm glad someone else is seeing this. I was wondering if I'm the only person in the world that is using full https with java 1.6 applets...

I've been spending hours and hours trying to see if there is a bug written up on this but no luck. How about you?

Just to give an update of what I have tried.

The latest version of 5.5 tomcat 5.5.23 does not change the problem.

The latest version of java on the server side does not change the problem.

Adding -version:1.5 to the java control panel on the client doesn't seem to change the problem either.

I am seeing some strange memory thrashing problems with 1.6 that I don't see with 1.5 and for a while I thought I was running out of heap space down inside the https api layer but I'm ruling that out for now as I've seen the problem with a normal heap allocation.

Swinging a rubber chicken has absolutely no effect other than making my co-workers quicken their walking pace!

Please let me know what you have tried and perhaps your setup.

AlfredTheGreya at 2007-7-12 > top of java,Security,Java Secure Socket Extension (JSSE)...
# 3
a quick question.Are you using jar indexing?
AlfredTheGreya at 2007-7-12 > top of java,Security,Java Secure Socket Extension (JSSE)...
# 4

No, am not using jar indexing, that I know of.

Originally though it some network/router issue, since it was happening in one network, but since reproduced on other nets.

I thought it may have been related to the server certificate, since it wasn't valid. I had a custom trustManager to validate our internally gen'd cert. Have since got a valid cert, and removed the silver-tape, but that didn't work.

I had port numbers in URL, got rid of those. No change. (down to longshots!)

DrewUnderPaidDevelopera at 2007-7-12 > top of java,Security,Java Secure Socket Extension (JSSE)...
# 5

if you remove https and keep simple http does the problem go away?

Meaning of course, that you see normal operation of your software with 1.6 client.

(I know that the https exception will go away)

This is indeed the case for us. We can use https for login and go back to http and the app seems to work fine under 1.6.0_1, but as soon as we force https for some of our customers, we start seeing this random problem.

Message was edited by:

AlfredTheGrey

AlfredTheGreya at 2007-7-12 > top of java,Security,Java Secure Socket Extension (JSSE)...
# 6

More information:

I now have line numbers, as I was able to dup this using the 1.6.0_02 early access snapshot.

javax.net.ssl.SSLException: java.lang.NullPointerException

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1554)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1537)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1130)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)

at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)

at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)

at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:836)

at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)

at com.mycompany.hm.callq.client.common.HttpMessage.sendPostObject(HttpMessage.java:227)

at com.mycompany.hm.callq.client.common.CallQSerializeData.sendViaHttp(CallQSerializeData.java:132)

at com.mycompany.hm.callq.client.diagnostics.CallQBaseUITableModel.getActiveCallDetail(CallQBaseUITableModel.java:375)

at com.mycompany.hm.callq.client.diagnostics.CallQActiveCalls.launch(CallQActiveCalls.java:669)

at com.mycompany.hm.callq.client.diagnostics.CallQActiveCalls$1.mouseClicked(CallQActiveCalls.java:214)

at java.awt.AWTEventMulticaster.mouseClicked(AWTEventMulticaster.java:253)

at java.awt.Component.processMouseEvent(Component.java:6041)

at javax.swing.JComponent.processMouseEvent(JComponent.java:3265)

at java.awt.Component.processEvent(Component.java:5803)

at java.awt.Container.processEvent(Container.java:2058)

at java.awt.Component.dispatchEventImpl(Component.java:4410)

at java.awt.Container.dispatchEventImpl(Container.java:2116)

at java.awt.Component.dispatchEvent(Component.java:4240)

at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4322)

at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3995)

at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3916)

at java.awt.Container.dispatchEventImpl(Container.java:2102)

at java.awt.Component.dispatchEvent(Component.java:4240)

at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)

at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:273)

at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:183)

at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:173)

at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:168)

at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:160)

at java.awt.EventDispatchThread.run(EventDispatchThread.java:121)

Caused by: java.lang.NullPointerException

at com.sun.deploy.security.X509ExtendedDeployTrustManager.isSupportedAlgorithm(X509ExtendedDeployTrustManager.java:463)

at com.sun.deploy.security.X509ExtendedDeployTrustManager.checkServerTrusted(X509ExtendedDeployTrustManager.java:303)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)

at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)

at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)

... 30 more

Here is the hotspot log:

<?xml version='1.0' encoding='UTF-8'?>

<hotspot_log version='160 1' process='1512' time_ms='1178561067875'>

<vm_version>

<name>

Java HotSpot(TM) Client VM

</name>

<release>

1.6.0_02-ea-fastdebug-b02-debug

</release>

<info>

Java HotSpot(TM) Client VM (1.6.0_02-ea-fastdebug-b02) for windows-x86, built on Apr 12 2007 03:44:50 by "java_re" with unknown MS VC++:1310

</info>

</vm_version>

<vm_arguments>

<args>

-Xbootclasspath/a:C:\PROGRA~1\Java\JRE16~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE16~1.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m

-Xverify:remote -Djavaplugin.version=1.6.0_02 -Djavaplugin.nodotversion=160_02

-Dbrowser=sun.plugin -DtrustProxy=true

-Dapplication.home=C:\PROGRA~1\Java\JRE16~1.0_0 -Xdebug -Xnoagent

-Djava.compiler=NONE

-Xrunjdwp:transport=dt_socket,server=y,address=8888,suspend=n

-Djavaplugin.vm.options=-Djava.class.path=C:\PROGRA~1\Java\JRE16~1.0_0\classes

-Xbootclasspath/a:C:\PROGRA~1\Java\JRE16~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE16~1.0_0\lib\plugin.jar

-Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote

-Djavaplugin.version=1.6.0_02 -Djavaplugin.nodotversion=160_02

-Dbrowser=sun.plugin -DtrustProxy=true

-Dapplication.home=C:\PROGRA~1\Java\JRE16~1.0_0 -Xdebug -Xnoagent

-Djava.compiler=NONE

-Xrunjdwp:transport=dt_socket,server=y,address=8888,suspend=n

</args>

<launcher>

generic

</launcher>

</vm_arguments>

<tty>

<writer thread='2456'/>

<dependency_failed type='unique_concrete_method' ctxk='java/util/Properties' x='java/util/Hashtable put (Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;' witness='java/security/Provider' stamp='5.306'/>

<writer thread='2480'/>

<dependency_failed type='unique_concrete_method' ctxk='javax/swing/text/TabExpander' x='javax/swing/text/PlainView nextTabStop (FI)F' witness='javax/swing/text/TabExpander' stamp='10.888'/>

<writer thread='2476'/>

<dependency_failed type='no_finalizable_subclasses' ctxk='java/io/FilterInputStream' witness='sun/net/www/MeteredStream' stamp='13.313'/>

<writer thread='2508'/>

<dependency_failed type='leaf_type' ctxk='java/applet/Applet' witness='javax/swing/JApplet' stamp='21.693'/>

<dependency_failed type='unique_concrete_method' x='java/awt/Component isVisible ()Z' witness='javax/swing/JPopupMenu' stamp='26.129'/>

<dependency_failed type='leaf_type' ctxk='java/util/ArrayList' witness='com/jidesoft/docking/m' stamp='26.523'/>

<dependency_failed type='leaf_type' ctxk='java/util/ArrayList' witness='com/jidesoft/docking/m' stamp='26.524'/>

<dependency_failed type='leaf_type' ctxk='java/util/ArrayList' witness='com/jidesoft/docking/m' stamp='26.524'/>

<dependency_failed type='leaf_type' ctxk='java/util/ArrayList' witness='com/jidesoft/docking/m' stamp='26.524'/>

<dependency_failed type='leaf_type' ctxk='java/util/ArrayList' witness='com/jidesoft/docking/m' stamp='26.524'/>

<dependency_failed type='leaf_type' ctxk='java/util/ArrayList' witness='com/jidesoft/docking/m' stamp='26.524'/>

<dependency_failed type='leaf_type' ctxk='java/util/ArrayList' witness='com/jidesoft/docking/m' stamp='26.524'/>

<writer thread='2488'/>

<dependency_failed type='unique_concrete_method' ctxk='java/awt/image/ImageConsumer' x='sun/awt/image/ImageRepresentation setPixels (IIIILjava/awt/image/ColorModel;[BII)V' witness='java/awt/image/ImageConsumer' stamp='44.948'/>

<dependency_failed type='unique_concrete_method' ctxk='java/awt/image/ImageConsumer' x='sun/awt/image/ImageRepresentation setDimensions (II)V' witness='java/awt/image/ImageConsumer' stamp='44.948'/>

<dependency_failed type='unique_concrete_method' ctxk='java/awt/image/ImageConsumer' x='sun/awt/image/ImageRepresentation setColorModel (Ljava/awt/image/ColorModel;)V' witness='java/awt/image/ImageConsumer' stamp='44.948'/>

<dependency_failed type='unique_concrete_method' ctxk='java/awt/image/ImageConsumer' x='sun/awt/image/ImageRepresentation setHints (I)V' witness='java/awt/image/ImageConsumer' stamp='44.948'/>

<dependency_failed type='unique_concrete_method' x='sun/util/calendar/CalendarDate getYear ()I' witness='sun/util/calendar/ImmutableGregorianDate' stamp='50.579'/>

<dependency_failed type='unique_concrete_method' ctxk='sun/util/calendar/BaseCalendar$Date' x='sun/util/calendar/CalendarDate setDate (III)Lsun/util/calendar/CalendarDate;' witness='sun/util/calendar/ImmutableGregorianDate' stamp='50.579'/>

<dependency_failed type='unique_concrete_method' ctxk='sun/util/calendar/BaseCalendar$Date' x='sun/util/calendar/CalendarDate setYear (I)Lsun/util/calendar/CalendarDate;' witness='sun/util/calendar/ImmutableGregorianDate' stamp='50.579'/>

<dependency_failed type='unique_concrete_method' ctxk='sun/util/calendar/BaseCalendar$Date' x='sun/util/calendar/CalendarDate setMonth (I)Lsun/util/calendar/CalendarDate;' witness='sun/util/calendar/ImmutableGregorianDate' stamp='50.579'/>

<dependency_failed type='unique_concrete_method' ctxk='sun/util/calendar/BaseCalendar$Date' x='sun/util/calendar/CalendarDate setDayOfMonth (I)Lsun/util/calendar/CalendarDate;' witness='sun/util/calendar/ImmutableGregorianDate' stamp='50.580'/>

<dependency_failed type='unique_concrete_method' ctxk='sun/util/calendar/BaseCalendar$Date' x='sun/util/calendar/CalendarDate setTimeOfDay (IIII)Lsun/util/calendar/CalendarDate;' witness='sun/util/calendar/ImmutableGregorianDate' stamp='50.580'/>

<dependency_failed type='unique_concrete_method' ctxk='sun/util/calendar/BaseCalendar$Date' x='sun/util/calendar/CalendarDate setHours (I)Lsun/util/calendar/CalendarDate;' witness='sun/util/calendar/ImmutableGregorianDate' stamp='50.580'/>

<dependency_failed type='unique_concrete_method' ctxk='sun/util/calendar/BaseCalendar$Date' x='sun/util/calendar/CalendarDate setMinutes (I)Lsun/util/calendar/CalendarDate;' witness='sun/util/calendar/ImmutableGregorianDate' stamp='50.580'/>

<dependency_failed type='unique_concrete_method' ctxk='sun/util/calendar/BaseCalendar$Date' x='sun/util/calendar/CalendarDate setSeconds (I)Lsun/util/calendar/CalendarDate;' witness='sun/util/calendar/ImmutableGregorianDate' stamp='50.580'/>

<dependency_failed type='unique_concrete_method' ctxk='sun/util/calendar/BaseCalendar$Date' x='sun/util/calendar/CalendarDate setMillis (I)Lsun/util/calendar/CalendarDate;' witness='sun/util/calendar/ImmutableGregorianDate' stamp='50.580'/>

<writer thread='2292'/>

<missed_by_CHA method='java/lang/Object equals (Ljava/lang/Object;)Z' bytes='11' count='40' iicount='0' klass='java/awt/GraphicsConfiguration'/>

<missed_by_CHA method='java/awt/Rectangle getX ()D' bytes='6' count='894' iicount='0' klass='java/awt/Rectangle'/>

<missed_by_CHA method='java/awt/Rectangle getY ()D' bytes='6' count='894' iicount='0' klass='java/awt/Rectangle'/>

<missed_by_CHA method='java/awt/Rectangle getWidth ()D' bytes='6' count='894' iicount='0' klass='java/awt/Rectangle'/>

<missed_by_CHA method='java/awt/Rectangle getHeight ()D' bytes='6' count='894' iicount='0' klass='java/awt/Rectangle'/>

<missed_by_CHA method='java/awt/Rectangle setRect (DDDD)V' bytes='135' count='878' iicount='0' klass='java/awt/Rectangle'/>

<missed_by_CHA method='javax/swing/JComponent repaint (JIIII)V' bytes='16' count='23' iicount='0' klass='javax/swing/table/JTableHeader'/>

<missed_by_CHA method='javax/swing/JComponent repaint (JIIII)V' bytes='16' count='23' iicount='0' klass='javax/swing/text/JTextComponent'/>

<missed_by_CHA method='javax/swing/JComponent repaint (JIIII)V' bytes='16' count='23' iicount='0' klass='javax/swing/text/JTextComponent'/>

<missed_by_CHA method='javax/swing/JComponent repaint (JIIII)V' bytes='16' count='23' iicount='0' klass='javax/swing/text/JTextComponent'/>

<missed_by_CHA method='javax/swing/JComponent repaint (JIIII)V' bytes='16' count='23' iicount='0' klass='javax/swing/text/JTextComponent'/>

<missed_by_CHA method='javax/swing/JComponent repaint (JIIII)V' bytes='16' count='23' iicount='0' klass='javax/swing/text/JTextComponent'/>

<missed_by_CHA method='javax/swing/JComponent repaint (JIIII)V' bytes='16' count='23' iicount='0' klass='javax/swing/text/JTextComponent'/>

<missed_by_CHA method='javax/swing/JComponent repaint (JIIII)V' bytes='16' count='23' iicount='0' klass='javax/swing/text/JTextComponent'/>

<missed_by_CHA method='javax/swing/JComponent repain

'>

AlfredTheGreya at 2007-7-12 > top of java,Security,Java Secure Socket Extension (JSSE)...
# 7

I have further information. I found that I can set -Djavax.net.debug=all within my tomcat5 shell script and oh boy does that give a ton of data.

Here is the last section, again this is on the server side (tomcat 5.5.15, java 1.5.0_09) communicating with 1.6.0_01 client.

.....

<tons of data here, over a gig of expanded ascii>

[Raw read]: length = 5

0000: 15 03 01 00 02 .....

[Raw read]: length = 2

0000: 02 50 .P

http-443-Processor23, READ: TLSv1 Alert, length = 2

http-443-Processor23, RECV TLSv1 ALERT: fatal, internal_error

http-443-Processor23, called closeSocket()

http-443-Processor23, handling exception: javax.net.ssl.SSLException: Received fatal alert:

internal_error

http-443-Processor23, called close()

http-443-Processor23, called closeInternal(true)

AlfredTheGreya at 2007-7-12 > top of java,Security,Java Secure Socket Extension (JSSE)...
# 8

I wanted to give an update to this problem as I am still seeing it and I've tried several ways of either fixing it or working around the problem.

Here is the latest:

For our https we created our certificates using our own CA using a now outdated version of OpenSSL. Sooo... I decided to update to the latest version of OpenSSL and make certain I created our CA and certificate the right way.

I used this, which is off of apaches FAQ page:

http://marc.info/?l=tomcat-user&m=106293430225790&w=2

After doing all of this, I can still recreate the problem.

At this point I'm waiting on Sun to respond/post a bug that I have created.

Please, if you have any more information on this, keep me posted.

-Dennis

AlfredTheGreya at 2007-7-12 > top of java,Security,Java Secure Socket Extension (JSSE)...
# 9
AlfredTheGrey,I have no time to further pursue issues with 1.6. I've asked users not to use this JRE.Still hoping for a solution too.Drew.
DrewUnderPaidDevelopera at 2007-7-12 > top of java,Security,Java Secure Socket Extension (JSSE)...
# 10
There might be a light at the end of the tunnel. See the evaluation section of this bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6514454-Dennis
AlfredTheGreya at 2007-7-12 > top of java,Security,Java Secure Socket Extension (JSSE)...
Security
Java Secure Socket Extension (JSSE)

Security Hot Topic

Security New Topic

Security

Site Classified