JDK-7153184 : NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 7u3
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2012-03-12
  • Updated: 2013-06-25
  • Resolved: 2012-05-22
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7u6Fixed 8 b40Fixed
Related Reports
Relates :  
When we run performance tests of Weblogic running on Hotspot 7 and attempt to open multiple SSL clients to the server at the same time, the server generates this exception:

<Mar 12, 2012 1:58:13 PM PDT> <Error> <HTTP> <BEA-101083> <Connection failure.
        at sun.security.ssl.SSLEngineImpl.getSupportedCipherSuites(SSLEngineImpl.java:1992)
        at weblogic.security.SSL.jsseadapter.JaSSLEngine.getSupportedCipherSuites(JaSSLEngine.java:220)
        at weblogic.socket.JSSESocket.getSupportedCipherSuites(JSSESocket.java:115)
        at weblogic.servlet.provider.WlsSecurityProvider.getSSLAttributes(WlsSecurityProvider.java:198)
        at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:163)

The problem is that all SSL engine objects are constructed with the same, default SSL context (from SSLContext.getDefaultInstance()). So we have multiple engines (in multiple threads) executing this code:
 return sslContext.getSuportedCipherSuiteList().toStringArray();

With the default sslcontext, that code is not threadsafe:

        clearAvailableCache();  // sets supportedCipherSuiteList to null

        if (supportedCipherSuiteList == null) {
            supportedCipherSuiteList =
                getApplicableCipherSuiteList(getSuportedProtocolList(), false);
        return supportedCipherSuiteList;

So Thread A comes in, tests if the suite list is null; it is not so thread A continues. Now Thread B calls clearAvailableCache() and sets supportedCipherSuiteList to null. Thread A then returns the null variable.

Per conversation with Scott Oaks, marking this bug as verified, based on his weblogic runs with JDK 8 builds

Added link for regression. This bug fix does appear in MASTER. http://hg.openjdk.java.net/jdk8/jdk8/jdk/log?rev=7153184

There is no re tag for the bug and dont see this bug id in the changelog for promoted/nightly-tl workspaces. Written to Andrew to confirm if the change was integrated.

written to scott to see if there are later weblogic perf tests that can be used to verify this bug

EVALUATION Submitter appears to be correct. Thanks for tracking this down!