5

Software environment:

  • Ubuntu 20.04 LTS server;
  • Android AOSP 8.0;
  • OpenJDK 8;

It worked very well until yesterday, when I upgraded my OpenJDK from 8u282 to 8u292. Now the broken build log says:

```
Ensuring Jack server is installed and started
FAILED: setup-jack-server
/bin/bash -c "(prebuilts/sdk/tools/jack-admin install-server prebuilts/sdk/tools/jack-launcher.jar prebuilts/sdk/tools/jack-server-4.11.ALPHA.jar  2>&1 || (exit 0) ) && (JACK_SERVER_VM_ARGUMENTS=\"-Dfile.encoding=UTF-8 -XX:+TieredCompilation\" prebuilts/sdk/tools/jack-admin start-server 2>&1 ||
 exit 0 ) && (prebuilts/sdk/tools/jack-admin update server prebuilts/sdk/tools/jack-server-4.11.ALPHA.jar 4.11.ALPHA 2>&1 || exit 0 ) && (prebuilts/sdk/tools/jack-admin update jack prebuilts/sdk/tools/jacks/jack-4.32.CANDIDATE.jar 4.32.CANDIDATE || exit 47 )"
Jack server already installed in "~/.jack-server"
Launching Jack server java -XX:MaxJavaStackTraceDepth=-1 -Djava.io.tmpdir=/tmp -Dfile.encoding=UTF-8 -XX:+TieredCompilation -cp ~/.jack-server/launcher.jar com.android.jack.launcher.ServerLauncher
Jack server failed to (re)start, try 'jack-diagnose' or see Jack server log
SSL error when connecting to the Jack server. Try 'jack-diagnose'
SSL error when connecting to the Jack server. Try 'jack-diagnose'
ninja: build stopped: subcommand failed.
10:11:50 ninja failed with: exit status 1
```

I checked the log in ~/.jack-server/log/xxxx-0-0.log. It has nothing about an error.

I used the curl command to connect to the server; it says:

```
$ curl https://127.0.0.1:8076/jack
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:8076
```

I changed the script in prebuilts/sdk/tools/jack-admin to print $CURL_CODE; the same as my shell curl command, it reports error code 35.

This URL discusses a similar problem: https://forums.gentoo.org/viewtopic-t-1060536-start-0.html

But I am not sure.

Here is the source script link which prompts the above error: https://android-opengrok.bangnimang.net/android-8.1.0_r81/xref/prebuilts/sdk/tools/jack-admin?r=692a2a62#89

progquester

3 Answers

9

I had the same issue and it was fixed by removing "TLSv1, TLSv1.1" from the jdk.tls.disabledAlgorithms configuration in the file /etc/java-8-openjdk/security/java.security.

Guillaume P
  • Yea ... but I think that's what you want to **avoid** doing, since you are **reducing** security for your Java installation. (And you will most likely have to repeat this each time you update the installation.) – Stephen C May 01 '21 at 01:14
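
The answer above edits the system-wide java.security, which is the concern raised in the comment. As an added example (not code from this thread or from AOSP), the script below checks whether TLSv1/TLSv1.1 are listed in jdk.tls.disabledAlgorithms and writes an override file that can be given to a single JVM with `-Djava.security.properties`, leaving the system file untouched. The sample file contents and the override file name are constructed, and how the flag reaches the Jack server's JVM (for instance through the JACK_SERVER_VM_ARGUMENTS variable seen in the build log) is an assumption to verify against your jack-admin.

```shell
#!/bin/sh
# Added example. The excerpt below is constructed, not copied from a real 8u292 install.
sample_java_security() {
    cat <<'EOF'
# constructed excerpt of a java.security file
security.overridePropertiesFile=true
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224
EOF
}

# Print the jdk.tls.disabledAlgorithms entries of file $1, one per line.
# Comment lines are dropped and "\" line continuations are joined first.
disabled_algs() {
    grep -v '^[[:space:]]*[#!]' "$1" |
        sed -e ':a' -e '/\\$/N; s/\\\n[[:space:]]*//; ta' |
        sed -n 's/^jdk\.tls\.disabledAlgorithms[[:space:]]*=[[:space:]]*//p' |
        tail -n 1 | tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Exit 0 when TLSv1 or TLSv1.1 is disabled in file $1.
legacy_tls_disabled() {
    disabled_algs "$1" | grep -Eqx 'TLSv1(\.1)?'
}

# Write override file $2: same list as $1 minus TLSv1 and TLSv1.1,
# so every other restriction from the system file stays in force.
write_override() {
    kept=$(disabled_algs "$1" | grep -Evx 'TLSv1(\.1)?' | paste -sd, - | sed 's/,/, /g')
    printf 'jdk.tls.disabledAlgorithms=%s\n' "$kept" > "$2"
}

# Demo on the constructed sample (jack-tls.security is a hypothetical file name).
tmp=$(mktemp -d)
sample_java_security > "$tmp/java.security"
if legacy_tls_disabled "$tmp/java.security"; then
    write_override "$tmp/java.security" "$tmp/jack-tls.security"
    cat "$tmp/jack-tls.security"
    echo "JVM flag for the Jack server only: -Djava.security.properties=$tmp/jack-tls.security"
fi
```

The JDK honours the override file only when security.overridePropertiesFile=true is set in the main java.security.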
3

I think that there is a good chance that it is this:

Basically, they have turned off (default) support for TLS 1.0 and 1.1, starting in 8u291. These versions of TLS are old, insecure and deprecated; see https://en.wikipedia.org/wiki/Transport_Layer_Security

This is mentioned in the 8u291 release notes.

My advice would be to find out why your build system is not using TLS 1.2 or later. Then upgrade / fix that.


You can test if this is the problem by running curl with the --tlsv1.2 option.

Stephen C
  • $ curl -vv https://127.0.0.1:8076/jack --tlsv1.2 * Trying 127.0.0.1:8076... * TCP_NODELAY set * Connected to 127.0.0.1 (127.0.0.1) port 8076 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.3 (OUT), TLS handshake, Client hello (1): * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:8076 * Closing connection 0 curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:8076 – progquester Apr 30 '21 at 12:32
  • $ curl -Version curl 7.68.0 (x86_64-pc-linux-gnu) libcurl/7.68.0 OpenSSL/1.1.1f zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.21.0 (+libidn2/2.2.0) libssh/0.9.3/openssl/zlib nghttp2/1.40.0 librtmp/2.3 Release-Date: 2020-01-08 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets – progquester Apr 30 '21 at 12:51
  • Maybe try `--tlsv1.3`? If that fails, try turning on SSL debugging on the server side to get clues as to why the server is disconnecting during the negotiation. – Stephen C Apr 30 '21 at 23:30
2

Removing "TLSv1, TLSv1.1" from the jdk.tls.disabledAlgorithms configuration in the file /etc/java-8-openjdk/security/java.security.

It works for me.

Ubuntu updated the JDK to 8u292 in the background, so it was hard to relate the problem to the JDK.

Firstly, some info links say to change the Jack port; I changed the Jack port but it does not work.

Secondly, I tried updating ubuntu16.04.2 and ubuntu16.04.7, but the error "SSL error when connecting to the Jack server. Try 'jack-diagnose'" still occurs.

Thanks @Guillaume P a lot.

huntbao