JDK-6220064 : REGRESSION: SSL connections fail with Turkish input locale
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 5.0
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2005-01-21
  • Updated: 2011-02-16
  • Resolved: 2005-04-15
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other JDK 6
5.0u4Fixed 6 betaFixed
Related Reports
Duplicate :  
JDK-6241396 - SSL problem: Cannot find any provider supporting RSA/ECB/PKCS1Padding
Relates :  
JDK-6208680 - Doc: Clarify issues with toLowerCase/toUpperCase and Turkish
Description
FULL PRODUCT VERSION :
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
Java HotSpot(TM) Client VM (build 1.5.0-b64, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Linux vermivorous 2.6.5-7.111-smp #3 SMP Tue Dec 14 11:41:51 EET 2004 i686 i686 i386 GNU/Linux
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
If the locale of the system is set to turkish (tr_TR) or the application sets the default locale to turkish all SSL connections will fail with "javax.net.ssl.SSLKeyException: RSA premaster secret error"

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run the application in "Source code for an executable test case"

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No output, no exceptions.
ACTUAL -
Exception in thread "main" javax.net.ssl.SSLKeyException: RSA premaster secret error
        at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:86)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:514)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
        at HTTPSTest.main(HTTPSTest.java:12)
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding
        at javax.crypto.Cipher.getInstance(DashoA12275)
        at com.sun.net.ssl.internal.ssl.JsseJce.getCipher(JsseJce.java:90)
        at com.sun.net.ssl.internal.ssl.RSACipher.<init>(RSACipher.java:35)
        at com.sun.net.ssl.internal.ssl.RSACipher.getInstance(RSACipher.java:69)
        at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:82)
        ... 11 more

ERROR MESSAGES/STACK TRACES THAT OCCUR :
as in "Actual Result"

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.net.*;
import java.util.*;

public class HTTPSTest
{

  public static void main(String[] args) throws Exception
  {
    Locale.setDefault(new Locale("tr", "TR"));
    URL url = new URL("https://www.verisign.com/");
    URLConnection urlConnection = url.openConnection();
    urlConnection.connect();
  }

}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Change the locale

Release Regression From : 1.4.2_06
The above release value was the last known release where this 
bug was known to work. Since then there has been a regression.
###@###.### 2005-1-21 13:57:10 GMT
Comments
EVALUATION This bug is caused by an unusual property of the Turkish alphabet and the way this is represented in the Java language. Namely, that there are two different characters for the letter 'i' and that "i".toUpperCase().equals("I") is false in the Turkish locale. See http://www.sys-con.com/story/?storyid=46241 for some discussion of the topic. This is a problem because the Provider lookup code assumes that it can use the result of s.toUpperCase() for case-exact comparisions and indexing. This is a problem in both the java.security and the JCE code in 1.5, so I have moved the bug to classes_security. A similar issue might exist in in JGSS and SASL as well. A possible fix is to change all relevant invocations of s.toUpperCase() to s.toUpperCase(java.util.Locale.ENGLISH), but I am still investigating if there is a better (or at least more elegant) fix. ###@###.### 2005-1-21 20:02:38 GMT ###@###.### 2005-03-30 02:44:52 GMT
21-01-2005
WORK AROUND Do not use the Turkish locale. ###@###.### 2005-1-21 20:02:38 GMT
21-01-2005