JDK-7153184 : NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 7u3
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2012-03-12
  • Updated: 2013-06-25
  • Resolved: 2012-05-22
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7 JDK 8
7u6Fixed 8 b40Fixed
Related Reports
Relates :  
Description
When we run performance tests of Weblogic running on Hotspot 7 and attempt to open multiple SSL clients to the server at the same time, the server generates this exception:

<Mar 12, 2012 1:58:13 PM PDT> <Error> <HTTP> <BEA-101083> <Connection failure.
java.lang.NullPointerException
        at sun.security.ssl.SSLEngineImpl.getSupportedCipherSuites(SSLEngineImpl.java:1992)
        at weblogic.security.SSL.jsseadapter.JaSSLEngine.getSupportedCipherSuites(JaSSLEngine.java:220)
        at weblogic.socket.JSSESocket.getSupportedCipherSuites(JSSESocket.java:115)
        at weblogic.servlet.provider.WlsSecurityProvider.getSSLAttributes(WlsSecurityProvider.java:198)
        at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:163)

The problem is that all SSL engine objects are constructed with the same, default SSL context (from SSLContext.getDefaultInstance()). So we have multiple engines (in multiple threads) executing this code:
 return sslContext.getSuportedCipherSuiteList().toStringArray();

With the default sslcontext, that code is not threadsafe:

        clearAvailableCache();  // sets supportedCipherSuiteList to null

        if (supportedCipherSuiteList == null) {
            supportedCipherSuiteList =
                getApplicableCipherSuiteList(getSuportedProtocolList(), false);
        }
    
        return supportedCipherSuiteList;

So Thread A comes in, tests if the suite list is null; it is not so thread A continues. Now Thread B calls clearAvailableCache() and sets supportedCipherSuiteList to null. Thread A then returns the null variable.

Comments
Per conversation with Scott Oaks, marking this bug as verified, based on his weblogic runs with JDK 8 builds
25-06-2013

Added link for regression. This bug fix does appear in MASTER. http://hg.openjdk.java.net/jdk8/jdk8/jdk/log?rev=7153184
24-06-2013

There is no re tag for the bug and dont see this bug id in the changelog for promoted/nightly-tl workspaces. Written to Andrew to confirm if the change was integrated.
24-06-2013

written to scott to see if there are later weblogic perf tests that can be used to verify this bug
20-06-2013

EVALUATION Submitter appears to be correct. Thanks for tracking this down!
12-03-2012