Public bug reported: See also:
https://bugster.forgerock.org/jira/browse/OPENDJ-461 How to reproduce: Install (for example) Hudson CI 2.2.0 and activate the SSL port. Here is the config: NAME=hudson JAVA=/usr/lib/jvm/java-1.6.0-openjdk/bin/java JAVA_ARGS="-Xmx512M -XX:+UseG1GC -Dcom.sun.management.jmxremote.port=18189 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Djavax.net.debug=ssl,handshake" PIDFILE=/var/run/hudson/hudson.pid HUDSON_USER=hudson HUDSON_WAR=/usr/share/hudson/hudson.war HUDSON_HOME=/var/lib/hudson RUN_STANDALONE=true HUDSON_LOG=/var/log/hudson/$NAME.log MAXOPENFILES=8192 HTTP_PORT=9087 AJP_PORT=-1 HUDSON_ARGS="--webroot=/var/run/hudson/war --httpsPort=$((HTTP_PORT+1)) --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT " Then try to connect using wget, curl or apache reverse proxy and you'll get in hudson.log: RequestHandlerThread[#5], handling exception: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID RequestHandlerThread[#5], IOException in getSession(): javax.net.ssl.SSLException: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID Curl outputs: curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error Current openjdk-7-jre is also affected. Using my own java 7 build (built against Ubuntu 11.10) works flawlessly on 12.04 (NOT icedtea based, just built using java 7 sources and using java 6 binaries). It is available at https://build.opensuse.org/package/show?package=optjdk7&project=home%3Akalium%3Atest . ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: openjdk-6-jre 6b24-1.11.1-4ubuntu2 ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14 Uname: Linux 3.2.0-23-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.0.1-0ubuntu5 Architecture: amd64 Date: Thu Apr 26 22:46:39 2012 EcryptfsInUse: Yes ProcEnviron: TERM=xterm SHELL=/bin/bash PATH=(custom, user) LANG=de_DE.UTF-8 LANGUAGE=de:en SourcePackage: openjdk-6 UpgradeStatus: Upgraded to precise on 2012-02-12 (74 days ago) ** Affects: openjdk-6 (Ubuntu) Importance: Undecided Status: Confirmed ** Tags: amd64 apport-bug precise -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/989236 Title: severe openjdk-6-jre ssl negotiation incompatibility (fixed upstream long ago...) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/989236/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
