JDK-8160342

Unknown curve name: 1.3.132.0.39

      Description

      FULL PRODUCT VERSION :
      openjdk version "1.8.0_91"
      OpenJDK Runtime Environment (build 1.8.0_91-b14)
      OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)


      ADDITIONAL OS VERSION INFORMATION :
      Linux / Fedora 22

      EXTRA RELEVANT SYSTEM CONFIGURATION :
      Running in Tomcat application server.
      Different CLIENT_HELLO messages will avoid the problem.

      A DESCRIPTION OF THE PROBLEM :
      When running a Java server (Tomcat), some client devices provide the CLIENT_HELLO described below, which results in this exception being thrown on the server side:
      Caused by: java.security.InvalidAlgorithmParameterException: Unknown curve name: 1.3.132.0.39
              at sun.security.ec.ECKeyPairGenerator.initialize(ECKeyPairGenerator.java:100)
              at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:674)
              at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63)

      Removing TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 from my list of allowed ciphers on the server side made the problem go away. 1.3.132.0.39 is a valid curve according to RFC 4492.

      Summary of CLIENT_HELLO captured from wireshark that resulted in the above exception on the server:

      Secure Sockets Layer
          TLSv1.2 Record Layer: Handshake Protocol: Client Hello
              Content Type: Handshake (22)
              Version: TLS 1.0 (0x0301)
              Length: 189
              Handshake Protocol: Client Hello
                  Handshake Type: Client Hello (1)
                  Length: 185
                  Version: TLS 1.2 (0x0303)
                  Random
                      GMT Unix Time: <redacted>
                      Random Bytes: <redacted>
                  Session ID Length: 0
                  Cipher Suites Length: 44
                  Cipher Suites (22 suites)
                      Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                      Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
                      Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                      Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                      Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
                      Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
                      Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                      Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                      Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                      Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                      Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                      Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                      Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                      Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                      Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
                      Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
                      Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                      Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
                      Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                      Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                      Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
                      Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
                  Compression Methods Length: 1
                  Compression Methods (1 method)
                      Compression Method: null (0)
                  Extensions Length: 100
                  Extension: ec_point_formats
                      Type: ec_point_formats (0x000b)
                      Length: 4
                      EC point formats Length: 3
                      Elliptic curves point formats (3)
                          EC point format: uncompressed (0)
                          EC point format: ansiX962_compressed_prime (1)
                          EC point format: ansiX962_compressed_char2 (2)
                  Extension: elliptic_curves
                      Type: elliptic_curves (0x000a)
                      Length: 52
                      Elliptic Curves Length: 50
                      Elliptic curves (25 curves)
                          Elliptic curve: sect571r1 (0x000e)
                          Elliptic curve: sect571k1 (0x000d)
                          Elliptic curve: secp521r1 (0x0019)
                          Elliptic curve: sect409k1 (0x000b)
                          Elliptic curve: sect409r1 (0x000c)
                          Elliptic curve: secp384r1 (0x0018)
                          Elliptic curve: sect283k1 (0x0009)
                          Elliptic curve: sect283r1 (0x000a)
                          Elliptic curve: secp256k1 (0x0016)
                          Elliptic curve: secp256r1 (0x0017)
                          Elliptic curve: sect239k1 (0x0008)
                          Elliptic curve: sect233k1 (0x0006)
                          Elliptic curve: sect233r1 (0x0007)
                          Elliptic curve: secp224k1 (0x0014)
                          Elliptic curve: secp224r1 (0x0015)
                          Elliptic curve: sect193r1 (0x0004)
                          Elliptic curve: sect193r2 (0x0005)
                          Elliptic curve: secp192k1 (0x0012)
                          Elliptic curve: secp192r1 (0x0013)
                          Elliptic curve: sect163k1 (0x0001)
                          Elliptic curve: sect163r1 (0x0002)
                          Elliptic curve: sect163r2 (0x0003)
                          Elliptic curve: secp160k1 (0x000f)
                          Elliptic curve: secp160r1 (0x0010)
                          Elliptic curve: secp160r2 (0x0011)
                  Extension: signature_algorithms
                      Type: signature_algorithms (0x000d)
                      Length: 32
                      Signature Hash Algorithms Length: 30
                      Signature Hash Algorithms (15 algorithms)
                          Signature Hash Algorithm: 0x0601
                              Signature Hash Algorithm Hash: SHA512 (6)
                              Signature Hash Algorithm Signature: RSA (1)
                          Signature Hash Algorithm: 0x0602
                              Signature Hash Algorithm Hash: SHA512 (6)
                              Signature Hash Algorithm Signature: DSA (2)
                          Signature Hash Algorithm: 0x0603
                              Signature Hash Algorithm Hash: SHA512 (6)
                              Signature Hash Algorithm Signature: ECDSA (3)
                          Signature Hash Algorithm: 0x0501
                              Signature Hash Algorithm Hash: SHA384 (5)
                              Signature Hash Algorithm Signature: RSA (1)
                          Signature Hash Algorithm: 0x0502
                              Signature Hash Algorithm Hash: SHA384 (5)
                              Signature Hash Algorithm Signature: DSA (2)
                          Signature Hash Algorithm: 0x0503
                              Signature Hash Algorithm Hash: SHA384 (5)
                              Signature Hash Algorithm Signature: ECDSA (3)
                          Signature Hash Algorithm: 0x0401
                              Signature Hash Algorithm Hash: SHA256 (4)
                              Signature Hash Algorithm Signature: RSA (1)
                          Signature Hash Algorithm: 0x0402
                              Signature Hash Algorithm Hash: SHA256 (4)
                              Signature Hash Algorithm Signature: DSA (2)
                          Signature Hash Algorithm: 0x0403
                              Signature Hash Algorithm Hash: SHA256 (4)
                              Signature Hash Algorithm Signature: ECDSA (3)
                          Signature Hash Algorithm: 0x0301
                              Signature Hash Algorithm Hash: SHA224 (3)
                              Signature Hash Algorithm Signature: RSA (1)
                          Signature Hash Algorithm: 0x0302
                              Signature Hash Algorithm Hash: SHA224 (3)
                              Signature Hash Algorithm Signature: DSA (2)
                          Signature Hash Algorithm: 0x0303
                              Signature Hash Algorithm Hash: SHA224 (3)
                              Signature Hash Algorithm Signature: ECDSA (3)
                          Signature Hash Algorithm: 0x0201
                              Signature Hash Algorithm Hash: SHA1 (2)
                              Signature Hash Algorithm Signature: RSA (1)
                          Signature Hash Algorithm: 0x0202
                              Signature Hash Algorithm Hash: SHA1 (2)
                              Signature Hash Algorithm Signature: DSA (2)


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Send the described CLIENT_HELLO message (or functional equivalent) to a Java server whose list of acceptable ciphers includes TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      That the server would pick a cipher that it had implemented and would work.
      ACTUAL -
      The "java.security.InvalidAlgorithmParameterException: Unknown curve name" exception was thrown, and an error was returned to the client.

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      Caused by: java.security.InvalidAlgorithmParameterException: Unknown curve name: 1.3.132.0.39
              at sun.security.ec.ECKeyPairGenerator.initialize(ECKeyPairGenerator.java:100)
              at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:674)
              at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63)

      REPRODUCIBILITY :
      This bug can be reproduced always.

      CUSTOMER SUBMITTED WORKAROUND :
      Remove TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 from the server's list of acceptable ciphers via SSLParameters.setCipherSuites().
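
A diagnostic for the failure described in this report, added here as an example and not part of the original report or of the JDK's own code: it asks the runtime's default EC KeyPairGenerator whether it accepts each of the first ten curves offered in the ClientHello, through the same KeyPairGenerator.initialize() call that appears in the stack trace. The class name CurveProbe and its method names are assumptions.

```java
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.spec.ECGenParameterSpec;

public class CurveProbe {
    // First ten curves from the ClientHello above, in the client's preference order.
    // sect571r1 is the curve whose OID is 1.3.132.0.39, the one named in the exception.
    static final String[] OFFERED = {
        "sect571r1", "sect571k1", "secp521r1", "sect409k1", "sect409r1",
        "secp384r1", "sect283k1", "sect283r1", "secp256k1", "secp256r1"
    };

    /** True if the default EC KeyPairGenerator accepts the curve (name or OID). */
    static boolean usable(String curve) throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        try {
            kpg.initialize(new ECGenParameterSpec(curve));
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            return false; // same exception type as in the report's stack trace
        }
    }

    /** First offered curve this runtime can generate keys on, or null if none. */
    static String firstUsable(String[] offered) throws NoSuchAlgorithmException {
        for (String curve : offered) {
            if (usable(curve)) {
                return curve;
            }
        }
        return null;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        System.out.println("runtime: " + System.getProperty("java.runtime.version"));
        System.out.println("OID 1.3.132.0.39 usable: " + usable("1.3.132.0.39"));
        for (String curve : OFFERED) {
            System.out.printf("%-10s %s%n", curve,
                    usable(curve) ? "usable" : "rejected by EC provider");
        }
        System.out.println("first usable in client order: " + firstUsable(OFFERED));
    }
}
```

On a runtime that behaves as in this report, the OID line and sect571r1 print as rejected, which shows which offered curves the EC provider on that host can actually serve.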

            People

            • Assignee: Unassigned
            • Reporter: webbuggrp Webbug Group