Bug #7404 TLS negotiation error in OpenJDK 8 u131
|
|
|
|
Fixes an OpenJDK 8 regression discovered in docker-library/openjdk#115
|
|
on Alpine Linux 3.5 (u121) and 3.6 (u131) that causes TLS negotiation
|
|
errors for some clients.
|
|
|
|
Root cause appears to be OpenJDK announcing support for NIST curves the
|
|
underlying NSS library doesn't. This patch limits OpenJDK's
|
|
announcement to elliptic curves 23 (secp256r1), 24 (secp384r1), and 25
|
|
(secp521r1).
|
|
|
|
Related issues:
|
|
|
|
* https://github.com/docker-library/openjdk/issues/115
|
|
* https://bugs.alpinelinux.org/issues/7404
|
|
* https://access.redhat.com/discussions/2339811
|
|
* https://bugzilla.redhat.com/show_bug.cgi?id=1022017
|
|
* https://bugzilla.redhat.com/show_bug.cgi?id=1348525
|
|
|
|
--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java 2017-05-08 20:03:50.000000000 -0700
|
|
+++ openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java 2017-06-14 13:37:00.000000000 -0700
|
|
@@ -168,21 +168,10 @@
|
|
"contains no supported elliptic curves");
|
|
}
|
|
} else { // default curves
|
|
- int[] ids;
|
|
- if (requireFips) {
|
|
- ids = new int[] {
|
|
- // only NIST curves in FIPS mode
|
|
- 23, 24, 25, 9, 10, 11, 12, 13, 14,
|
|
- };
|
|
- } else {
|
|
- ids = new int[] {
|
|
- // NIST curves first
|
|
- 23, 24, 25, 9, 10, 11, 12, 13, 14,
|
|
- // non-NIST curves
|
|
- 22,
|
|
- };
|
|
- }
|
|
-
|
|
+ int[] ids = new int[] {
|
|
+ // NSS currently only supports these three NIST curves
|
|
+ 23, 24, 25
|
|
+ };
|
|
idList = new ArrayList<>(ids.length);
|
|
for (int curveId : ids) {
|
|
if (isAvailableCurve(curveId)) {
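Review bot: The added comment `// NSS currently only supports these three NIST curves` does not say which NSS build or bug it refers to, so a later maintainer cannot tell when the restriction can be lifted; something like `// Alpine bug #7404: system NSS handles only secp256r1/secp384r1/secp521r1; revisit when NSS gains more curves` would tie it to its condition. The restriction applies only to the `// default curves` branch. The branch above it starts outside the hunk and appears to handle an explicitly configured curve list, so a configured curve outside 23–25 could presumably still be announced and hit the same negotiation failure. The loop that follows still relies on `isAvailableCurve(curveId)`, which evidently did not filter the unsupported curves before, so this literal is now the only guard for the default case. Dropping the `requireFips` split leaves both modes with the same NIST-only list, which the comment should state so the removal reads as deliberate.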
|