Bug ID: 7153184 NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites

7153184 : NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites

Details

Type:	Bug	Submit Date:	2012-03-12
Status:	Resolved	Updated Date:	2012-05-29
Project Name:	JDK	Resolved Date:	2012-05-22
Component:	security-libs	OS:	generic
Sub-Component:	javax.net.ssl	CPU:	generic
Priority:	P3
Resolution:	Fixed
Affected Versions:	7u3
Fixed Versions:	8

Related Reports

Backport:

JDK-2225006 - NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites

Sub Tasks

Description

When we run performance tests of Weblogic running on Hotspot 7 and attempt to open multiple SSL clients to the server at the same time, the server generates this exception:

<Mar 12, 2012 1:58:13 PM PDT> <Error> <HTTP> <BEA-101083> <Connection failure.
java.lang.NullPointerException
        at sun.security.ssl.SSLEngineImpl.getSupportedCipherSuites(SSLEngineImpl.java:1992)
        at weblogic.security.SSL.jsseadapter.JaSSLEngine.getSupportedCipherSuites(JaSSLEngine.java:220)
        at weblogic.socket.JSSESocket.getSupportedCipherSuites(JSSESocket.java:115)
        at weblogic.servlet.provider.WlsSecurityProvider.getSSLAttributes(WlsSecurityProvider.java:198)
        at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:163)

The problem is that all SSL engine objects are constructed with the same, default SSL context (from SSLContext.getDefaultInstance()). So we have multiple engines (in multiple threads) executing this code:
 return sslContext.getSuportedCipherSuiteList().toStringArray();

With the default sslcontext, that code is not threadsafe:

        clearAvailableCache();  // sets supportedCipherSuiteList to null

        if (supportedCipherSuiteList == null) {
            supportedCipherSuiteList =
                getApplicableCipherSuiteList(getSuportedProtocolList(), false);
        }
    
        return supportedCipherSuiteList;

So Thread A comes in, tests if the suite list is null; it is not so thread A continues. Now Thread B calls clearAvailableCache() and sets supportedCipherSuiteList to null. Thread A then returns the null variable.

Comments

EVALUATION

Submitter appears to be correct.  Thanks for tracking this down!

2012-03-12

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together