JDK-8175361

Client certificate authentication issues with TLS 1.2 (TLS_DHE_DSS_WITH* cipher suites) and browser keystore

    Details

    • Subcomponent:
    • CPU:
      x86_64
    • OS:
      windows_7

      Description

      FULL PRODUCT VERSION :
      Plugin:
      Java Plug-in 11.121.2.13 x86
      Using JRE version 1.8.0_121-b13 Java HotSpot(TM) Client VM

      Command line:
      java version "1.8.0_121"
      Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
      Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows [Version 6.1.7601]

      A DESCRIPTION OF THE PROBLEM :
      The Java plugin is unable to download an applet from a TLS server (ver 1.2) with client authentication and TLS_DHE_DSS_* cipher suites. The Java console shows the error "Error signing the certificate verify". The Java plugin is able to download the applet with TLS_RSA_WITH* and TLS_DHE_RSA_WITH* cipher suites.

      The command-line version of Java has no problem downloading the applet from the server using TLS_DHE_DSS_* cipher suites.


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Open a browser and connect to a TLS server (with TLS_DHE_DSS_WITH* cipher suites) to load an HTML page with an applet.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      The applet should be loaded on the browser.
      ACTUAL -
      The Java console shows the error "Error signing the certificate verify"


      ERROR MESSAGES/STACK TRACES THAT OCCUR :

      thread applet-Hello.class-1, called closeSocket()
      thread applet-Hello.class-1, handling exception: javax.net.ssl.SSLHandshakeException: Error signing certificate verify
      java.lang.ClassNotFoundException: Hello.class
      at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
      at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
      at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
      at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
      at java.lang.ClassLoader.loadClass(Unknown Source)
      at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
      at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
      at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)
      basic: load: class Hello.class not found.
      java.lang.ClassNotFoundException: Hello.class
      at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
      at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
      at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
      at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
      at java.lang.ClassLoader.loadClass(Unknown Source)
      at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
      at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
      at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)


      REPRODUCIBILITY :
      This bug can be reproduced always.

      CUSTOMER SUBMITTED WORKAROUND :
      Disable TLS 1.2 or load the client cert into the keystore in the Java Control Panel.

            People

            • Assignee:
              almatvee Alexander Matveev
              Reporter:
              webbuggrp Webbug Group