JDK-8078823 : javax/net/ssl/ciphersuites/DisabledAlgorithms.java fails intermittently
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 8,9
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2015-04-28
  • Updated: 2016-06-13
  • Resolved: 2015-05-26
  • JDK 8: 8u60 (Fixed)
  • JDK 9: 9 b67 (Fixed)
Description
javax/net/ssl/ciphersuites/DisabledAlgorithms.java fails intermittently

----------System.out:(28/2284)----------
jdk.tls.disabledAlgorithms = SSLv3, RC4
Server: enable cipher suites: [TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5]
Server: started
Client: enable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Client: connect to server
Expected exception on client side: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Client: enable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Client: connect to server
Expected exception on client side: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Client: enable cipher suite: SSL_RSA_WITH_RC4_128_SHA
Client: connect to server
Expected exception on client side: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Client: enable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Client: connect to server
Expected exception on client side: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Client: enable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Client: connect to server
Expected exception on client side: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Client: enable cipher suite: SSL_RSA_WITH_RC4_128_MD5
Client: connect to server
Expected exception on client side: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Client: enable cipher suite: TLS_ECDH_anon_WITH_RC4_128_SHA
Client: connect to server
Expected exception on client side: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Client: enable cipher suite: SSL_DH_anon_WITH_RC4_128_MD5
Client: connect to server
Expected exception on client side: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Server: finished
----------System.err:(14/897)----------
java.lang.RuntimeException: Expected SSL exception not thrown on server side
	at DisabledAlgorithms.checkFailure(DisabledAlgorithms.java:136)
	at DisabledAlgorithms.main(DisabledAlgorithms.java:91)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:502)
	at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:92)
	at java.lang.Thread.run(Thread.java:745)

JavaTest Message: Test threw exception: java.lang.RuntimeException: Expected SSL exception not thrown on server side
JavaTest Message: shutting down test
Comments
Code review: http://mail.openjdk.java.net/pipermail/security-dev/2015-May/012235.html
25-05-2015

I put some debug output into the test, and was able to reproduce one failure after ~5000 runs. It failed with the following exception:

java.net.SocketException: socket closed
	at java.net.DualStackPlainSocketImpl.accept0(Native Method)
	at java.net.DualStackPlainSocketImpl.socketAccept(DualStackPlainSocketImpl.java:131)
	at java.net.AbstractPlainSocketImpl.accept(AbstractPlainSocketImpl.java:404)
	at java.net.PlainSocketImpl.accept(PlainSocketImpl.java:199)
	at java.net.ServerSocket.implAccept(ServerSocket.java:546)
	at sun.security.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:348)
	at DisabledAlgorithms$SSLServer.run(DisabledAlgorithms.java:213)
	at java.lang.Thread.run(Thread.java:745)
Server: finished
Exception in thread "main" java.lang.RuntimeException: Expected SSL exception not thrown on server side
	at DisabledAlgorithms.checkFailure(DisabledAlgorithms.java:138)
	at DisabledAlgorithms.main(DisabledAlgorithms.java:91)

It fails very rarely with SocketException. The test runs clients in the main thread, but the server runs in a separate thread. In the checkFailure() method, clients expect an SSLHandshakeException, and when it occurs, they stop the server by calling the SSLServer.stop() method, which makes the server close its server socket. The server usually throws an expected SSLHandshakeException, then the server socket is closed. But it seems that sometimes the server closes the server socket before the handshake failure is processed. As a result, an IOException happens instead of an SSLHandshakeException. I don't think that there is any problem in JDK. The server should stop if any exception occurs, and clients shouldn't stop the server by themselves.
25-05-2015
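
The harness pattern recommended in the comment above, where the server thread stops itself on any exception and the client only waits for its result, can be sketched as follows. This is an added example, not the JDK test or its fix: the class name SelfStoppingServer and the method serveOnce are hypothetical. It assumes no javax.net.ssl.keyStore is configured, so a keyless default context stands in for the disabled RC4 suites as the cause of the handshake failure.

```java
import java.net.InetAddress;
import java.util.concurrent.*;
import javax.net.ssl.*;

public class SelfStoppingServer {
    // Server side: accept one connection, attempt the handshake and return
    // whatever exception ends it. Only this method closes the listener.
    static Exception serveOnce(SSLServerSocket listener) {
        try (SSLServerSocket ss = listener;
             SSLSocket peer = (SSLSocket) ss.accept()) {
            peer.startHandshake();
            return null;                 // handshake unexpectedly succeeded
        } catch (Exception e) {
            return e;                    // any failure stops the server
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: no javax.net.ssl.keyStore is configured, so the default
        // context has no server key and the handshake fails on both sides.
        InetAddress lo = InetAddress.getLoopbackAddress();
        SSLServerSocket listener = (SSLServerSocket)
                SSLServerSocketFactory.getDefault().createServerSocket(0, 1, lo);
        int port = listener.getLocalPort();

        ExecutorService pool = Executors.newSingleThreadExecutor();
        Future<Exception> serverResult = pool.submit(() -> serveOnce(listener));

        Exception clientFailure = null;
        try (SSLSocket client = (SSLSocket)
                SSLSocketFactory.getDefault().createSocket(lo, port)) {
            client.startHandshake();
        } catch (Exception e) {
            clientFailure = e;
        }

        // The client never closes the listener; it waits for the server's
        // own verdict, so a late accept() cannot see "socket closed".
        Exception serverFailure = serverResult.get(30, TimeUnit.SECONDS);
        pool.shutdown();

        if (!(clientFailure instanceof SSLHandshakeException))
            throw new RuntimeException("client: unexpected result", clientFailure);
        if (!(serverFailure instanceof SSLHandshakeException))
            throw new RuntimeException("server: unexpected result", serverFailure);
        System.out.println("client: " + clientFailure);
        System.out.println("server: " + serverFailure);
    }
}
```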