JDK-8209916 : NPE in SupportedGroupsExtension
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 11
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2018-08-23
  • Updated: 2020-11-20
  • Resolved: 2018-09-14
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 12 JDK 8 Other
11.0.1Fixed 12 b12Fixed 8u261Fixed openjdk8u272Fixed
Related Reports
Relates :  
JDK-8206775 - TLS 1.3 Implementation
Description
Reported in OpenJDK:
http://mail.openjdk.java.net/pipermail/security-dev/2018-August/017995.html
---------------------
i got these NPE on my Server. With Java:

openjdk 11-ea 2018-09-25
OpenJDK Runtime Environment 18.9 (build 11-ea+25)
OpenJDK 64-Bit Server VM 18.9 (build 11-ea+25, mixed mode)

java.lang.NullPointerException
        at java.base/sun.security.ssl.SupportedGroupsExtension$SupportedGroups.getECGenParamSpec(SupportedGroupsExtension.java:676)
        at java.base/sun.security.ssl.SupportedGroupsExtension$NamedGroup.getParameterSpec(SupportedGroupsExtension.java:454)
        at java.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossession.<init>(ECDHKeyExchange.java:111)
        at java.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossessionGenerator.createPossession(ECDHKeyExchange.java:231)
        at java.base/sun.security.ssl.SSLKeyExchange$T12KeyAgreement.createPossession(SSLKeyExchange.java:357)
        at java.base/sun.security.ssl.SSLKeyExchange.createPossessions(SSLKeyExchange.java:88)
        at java.base/sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:429)
        at java.base/sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:290)
        at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:429)
        at java.base/sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1066)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:833)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:792)
        at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:390)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:445)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:978)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:958)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:926)
Comments
In the server implementation, a known but unsupported named group can be selected for the handshaking.
13-09-2018
Webrev: http://cr.openjdk.java.net/~xuelei/8209916/webrev.00/
12-09-2018
See also http://mail.openjdk.java.net/pipermail/security-dev/2018-September/018133.html for another reported issue.
12-09-2018