JDK-7156553 : TLS session terminated by mobile device after upgrading 1.7.0 from 1.6.0
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 7
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: solaris_10
  • CPU: sparc
  • Submitted: 2012-03-23
  • Updated: 2012-03-23
  • Resolved: 2012-03-23
Related Reports
Duplicate :  
Description
FULL PRODUCT VERSION :
Java(TM) SE Runtime Environment (build 1.7.0_03-b04)
Java HotSpot(TM) Server VM (build 22.1-b02, mixed mode)


ADDITIONAL OS VERSION INFORMATION :
SunOS v245gw2 5.10 Generic_141414-10 sun4u sparc SUNW,Sun-Fire-V245

A DESCRIPTION OF THE PROBLEM :
Our application creates a TLS server socket which is accessed by a mobile device. It was working with JRE 1.6.0_27 but is not working with 1.6.0_31 and higher versions, including 1.7.0_04. It is reported by mobile device vendors that the packet size is wrong. Below is the TLS debug info for both 1.6.0_27 and 1.6.0_31:

=================== 1.6.0_27 ===================
Finalizer, called close()
Finalizer, called closeInternal(true)
Mar 23, 2012 6:23:58 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Mar 23, 2012 6:23:58 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Mar 23, 2012 6:23:58 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/70  config=null
Mar 23, 2012 6:23:58 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 17760 ms
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
SSLSocketListener:7275, setSoTimeout(1000) called
[Raw read]: length = 5
0000: 16 03 01 00 45                                     ....E
[Raw read]: length = 69
0000: 01 00 00 41 03 01 4F 6C   A3 D0 D9 5A 75 FE 79 0A  ...A..Ol...Zu.y.
0010: 72 B0 80 CD 9A 94 FC 5B   CF FB 75 49 86 A2 1A 92  r......[..uI....
0020: FB 0B CA 6B EA BF 00 00   1A 00 35 00 2F 00 0A 00  ...k......5./...
0030: 16 00 13 00 05 00 04 00   09 00 12 00 08 00 03 00  ................
0040: 11 00 14 01 00                                     .....
pool-20-thread-1, READ: TLSv1 Handshake, length = 69
*** ClientHello, TLSv1
RandomCookie:  GMT: 1332454096 bytes = { 217, 90, 117, 254, 121, 10, 114, 176, 128, 205, 154, 148, 252, 91, 207, 251, 117, 73, 134, 162, 26, 146, 251, 11, 202, 107, 234, 191 }
Session ID:  {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
Warning: No renegotiation indication in ClientHello, allow legacy ClientHello
[read] MD5 and SHA1 hashes:  len = 69
0000: 01 00 00 41 03 01 4F 6C   A3 D0 D9 5A 75 FE 79 0A  ...A..Ol...Zu.y.
0010: 72 B0 80 CD 9A 94 FC 5B   CF FB 75 49 86 A2 1A 92  r......[..uI....
0020: FB 0B CA 6B EA BF 00 00   1A 00 35 00 2F 00 0A 00  ...k......5./...
0030: 16 00 13 00 05 00 04 00   09 00 12 00 08 00 03 00  ................
0040: 11 00 14 01 00                                     .....
%% Created:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie:  GMT: 1332454097 bytes = { 239, 228, 128, 15, 41, 248, 199, 164, 38, 34, 53, 112, 191, 197, 246, 49, 255, 76, 229, 195, 227, 92, 191, 72, 244, 248, 205, 30 }
Session ID:  {79, 108, 163, 209, 184, 114, 97, 180, 115, 39, 110, 53, 192, 228, 65, 16, 211, 248, 46, 18, 36, 53, 24, 212, 13, 238, 152, 161, 44, 51, 85, 146}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
***
Cipher suite:  TLS_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=supl.oksijen.com, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html, O=supl.oksijen.com
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  SunPKCS11-Solaris RSA public key, 1024 bits (id 85629832, session object)
  modulus: 120598275309494828650775439122182490971314974575342901792485396175797849226277121851592853233827395922531208074888178314834470710699640438647970178816434399898627584108914505608176980008499085664214564719055962194153955275587611402977329362759107538999228807303416149258304360535491035210594226346396297578637
  public exponent: 65537
  Validity: [From: Tue Nov 29 02:00:00 EET 2011,
               To: Tue Nov 27 01:59:59 EET 2012]
  Issuer: CN=Thawte DV SSL CA, OU=Domain Validated SSL, O="Thawte, Inc.", C=US
  SerialNumber: [    4c9aeb87 b7fca2e3 46edb8de 3f12c7ac]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://svr-dv-crl.thawte.com/ThawteDV.crl]
]]

[2]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.thawte.com]
]

[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

]
  Algorithm: [SHA1withRSA]
  Signature:

]
chain [1] = [
[
  Version: V3
  Subject: CN=Thawte DV SSL CA, OU=Domain Validated SSL, O="Thawte, Inc.", C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  SunPKCS11-Solaris RSA public key, 2048 bits (id 6198152, session object)
  modulus: 25701717484853491437424643587435384947655042879579017200377794747735174183061275533271946354928754299745436930612096732059592290036133242863382696145247614638515940329571878798930120591612643480548140260642028775565866916653370805995814318360170559409969976874936984219480826128934300421815326970163576991408271640964914878312951354774468261605313367681695404259766066048556173382828286811361298161501279248814379846142433083837533966218185592141533643687375820728335650809270604148582814639876630437931801822297685398714224714209072329881336663635057667849684253169486424858469933035820711409092091268640626960413269
  public exponent: 65537
  Validity: [From: Thu Feb 18 02:00:00 EET 2010,
               To: Tue Feb 18 01:59:59 EET 2020]
  Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  SerialNumber: [    7610128a 17b682bb 3a1f9d1a 9a35c092]

Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
KeyIdentifier [
0000: AB 44 E4 5D EC 83 C7 D9   C0 85 9F F7 E1 C6 97 90  .D.]............
0010: B0 8C 3F 98                                        ..?.
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7B 5B 45 CF AF CE CB 7A   FD 31 92 1A 6A B6 F3 46  .[E....z.1..j..F
0010: EB 57 48 50                                        .WHP
]

]

[3]: ObjectId: 2.5.29.17 Criticality=false
  SubjectAlternativeName [
  CN=VeriSignMPKI-2-11
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.thawte.com/ThawtePCA.crl]
]]

[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[6]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.thawte.com]
]

]
  Algorithm: [SHA1withRSA]
  Signature:

]
chain [2] = [
[
  Version: V3
  Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  SunPKCS11-Solaris RSA public key, 2048 bits (id 14331544, session object)
  modulus: 21792351585640198823010717570910971808469628036117065647538316584461104694117982485319401124457220049283378312411354535779127606968916044780332786260035481781765039797362215672421915437872814686294860940985466198627244991233897031307285975552662073780174254767374930165493818669253271286259780239288988465335988816384343753406049170266376223419710437879015046905429855225019948986073114815226362934518604529274034324266651314733393135633945096089333067879884414870938531015147310124871986717553381366235085215677397428475777665806913759265262907501168121945007318159396049901049180479495316851639382710767187677533597
  public exponent: 65537
  Validity: [From: Fri Nov 17 02:00:00 EET 2006,
               To: Thu Dec 31 01:59:59 EET 2020]
  Issuer: EMAILADDRESS=###@###.###, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  SerialNumber: [    33655008 79ad73e2 30b9e01d 0d7fac91]

Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
KeyIdentifier [
0000: 7B 5B 45 CF AF CE CB 7A   FD 31 92 1A 6A B6 F3 46  .[E....z.1..j..F
0010: EB 57 48 50                                        .WHP
]
]

[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.thawte.com/ThawtePremiumServerCA.crl]
]]

[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1A 68 74 74 70 73 3A   2F 2F 77 77 77 2E 74 68  ..https://www.th
0010: 61 77 74 65 2E 63 6F 6D   2F 63 70 73              awte.com/cps

]]  ]
]

[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:

]
***
*** ServerHelloDone
[write] MD5 and SHA1 hashes:  len = 3318


( This report has more than 16,000 characters and has been truncated. )

Comments
EVALUATION Code which is reading the packets is likely incorrect when it comes to fragmented packets. Needs to be updated.
23-03-2012
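
The evaluation above points at a reader that mishandles fragmented packets. The following is an added example, not code from this report, the JDK or the device vendor: a reader that buffers input until a whole record and a whole handshake message are present, run over the ClientHello bytes from the 1.6.0_27 log. `TLSReassembler`, `as_records` and `read_all` are hypothetical names, and only the plaintext phase of the handshake is covered.

```python
import struct
# ClientHello record copied from the 1.6.0_27 debug output on this page (5-byte header + 69-byte body).
CLIENT_HELLO = bytes.fromhex(
    "16 03 01 00 45"
    "01 00 00 41 03 01 4F 6C A3 D0 D9 5A 75 FE 79 0A"
    "72 B0 80 CD 9A 94 FC 5B CF FB 75 49 86 A2 1A 92"
    "FB 0B CA 6B EA BF 00 00 1A 00 35 00 2F 00 0A 00"
    "16 00 13 00 05 00 04 00 09 00 12 00 08 00 03 00"
    "11 00 14 01 00")
HANDSHAKE, MAX_RECORD = 22, 2**14 + 2048  # content type 0x16; TLS 1.0 ciphertext limit (RFC 2246)

class TLSReassembler:
    """Hypothetical helper: incremental reader for plaintext handshake records."""
    def __init__(self):
        self._net = bytearray()   # bytes that do not yet form a whole record
        self._hs = bytearray()    # handshake bytes that do not yet form a whole message
    def feed(self, chunk):
        """Consume the bytes of one read(); return completed (type, body) messages."""
        self._net += chunk
        done = []
        while len(self._net) >= 5:
            ctype, _version, length = struct.unpack("!BHH", self._net[:5])
            if length > MAX_RECORD:
                raise ValueError("record length %d exceeds TLS limit" % length)
            if len(self._net) < 5 + length:
                break             # short read: keep the bytes and wait for more
            body = self._net[5:5 + length]
            del self._net[:5 + length]
            if ctype == HANDSHAKE:
                self._hs += body  # one message may span several records
                done += self._complete_messages()
        return done
    def _complete_messages(self):
        out = []
        while len(self._hs) >= 4:
            mlen = int.from_bytes(self._hs[1:4], "big")  # 24-bit message length
            if len(self._hs) < 4 + mlen:
                break
            out.append((self._hs[0], bytes(self._hs[4:4 + mlen])))
            del self._hs[:4 + mlen]
        return out

def as_records(handshake, size, version=0x0301):  # constructed input: re-frame into small records
    parts = [handshake[i:i + size] for i in range(0, len(handshake), size)]
    return b"".join(struct.pack("!BHH", HANDSHAKE, version, len(p)) + p for p in parts)

def read_all(chunks):
    reader = TLSReassembler()
    return [m for c in chunks for m in reader.feed(c)]
```

Feeding the record one byte at a time, or re-framed into seven records of at most 10 bytes, yields the same single ClientHello (type 1, 65-byte body).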