- Bug
- Resolution: Duplicate
- P4
- None
- 8u65, 9
- x86_64
- windows_7
FULL PRODUCT VERSION :
java version "1.8.0_65"
Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]
A DESCRIPTION OF THE PROBLEM :
As already reported in https://bugs.openjdk.java.net/browse/JDK-8072464, using a custom HostnameVerifier breaks using a secure connection with SNI. In the linked report it may fall back to not using SNI, but the issue is with sites relying on SNI only.
Some of the sites showing the issue are (CloudFlare CDN):
https://kitematic.com/terms-of-service/
https://roundcube.net/news/2015/11/23/roundcube-webmail-1.2-beta-out-now/
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Attempt to make a connection when using HostnameVerifier to an SNI-only site - run attached test case.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" javax.net.ssl.SSLException: Received fatal alert: internal_error
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at SSLClient.main(SSLClient.java:14)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import javax.net.ssl.*;
import java.net.URL;

public class SSLClient {
    public static void main(String[] args) throws Exception {
        URL url = new URL("https://roundcube.net/news/2015/11/23/roundcube-webmail-1.2-beta-out-now/");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();

        conn.setHostnameVerifier(new HostnameVerifier() { // custom verifier that accepts every hostname
            public boolean verify(String s, SSLSession sslSession) {
                return true;
            }
        });
        conn.getInputStream(); // connects and starts the TLS handshake (see stack trace)
    }
}
---------- END SOURCE ----------
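The report turns on whether the ClientHello carries the server_name (SNI) extension. As an added example (not from the bug report or the JDK), the following parser extracts the SNI host name from a captured ClientHello record; `SniCheck`, `sniOf` and `sampleHello` are hypothetical names, and the sample records are constructed.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
public class SniCheck {
    /** Returns the host_name from the server_name extension, or null if the ClientHello has none. */
    static String sniOf(byte[] record) {
        ByteBuffer b = ByteBuffer.wrap(record);
        if (b.remaining() < 9 || b.get() != 0x16) throw new IllegalArgumentException("not a handshake record");
        b.getInt();                                  // record version (2) + record length (2)
        if (b.get() != 0x01) throw new IllegalArgumentException("not a ClientHello");
        skip(b, 3 + 2 + 32);                         // handshake length, client_version, random
        skip(b, b.get() & 0xff);                     // session_id
        skip(b, b.getShort() & 0xffff);              // cipher_suites
        skip(b, b.get() & 0xff);                     // compression_methods
        if (b.remaining() < 2) return null;          // no extensions block at all
        int end = (b.getShort() & 0xffff) + b.position();
        while (b.position() + 4 <= end) {
            int type = b.getShort() & 0xffff, len = b.getShort() & 0xffff;
            if (type != 0) { skip(b, len); continue; }   // not server_name (type 0)
            b.getShort();                            // server_name_list length
            if (b.get() != 0) return null;           // only name_type 0 (host_name) is defined
            byte[] name = new byte[b.getShort() & 0xffff];
            b.get(name);
            return new String(name, StandardCharsets.US_ASCII);
        }
        return null;
    }
    static void skip(ByteBuffer b, int n) { b.position(b.position() + n); }
    /** Constructed sample: minimal TLS 1.2 ClientHello record, with or without server_name. */
    static byte[] sampleHello(String host) {
        byte[] h = host == null ? new byte[0] : host.getBytes(StandardCharsets.US_ASCII);
        int extLen = 6 + (host == null ? 0 : 9 + h.length), bodyLen = 43 + extLen; // 43 = fixed fields
        ByteBuffer b = ByteBuffer.allocate(9 + bodyLen);
        b.put((byte) 0x16).putShort((short) 0x0301).putShort((short) (4 + bodyLen));
        b.put((byte) 0x01).put((byte) 0).putShort((short) bodyLen);    // type + 24-bit length
        b.putShort((short) 0x0303).put(new byte[32]).put((byte) 0);    // version, random, no session_id
        b.putShort((short) 2).putShort((short) 0xc02f);                // one cipher suite
        b.put((byte) 1).put((byte) 0).putShort((short) extLen);        // null compression, ext length
        b.putShort((short) 11).putShort((short) 2).put((byte) 1).put((byte) 0); // ec_point_formats
        if (host != null) {                                            // server_name extension
            b.putShort((short) 0).putShort((short) (5 + h.length)).putShort((short) (3 + h.length));
            b.put((byte) 0).putShort((short) h.length).put(h);
        }
        return b.array();
    }
    public static void main(String[] args) {
        System.out.println(sniOf(sampleHello("roundcube.net")));   // hello carrying server_name
        System.out.println(sniOf(sampleHello(null)));              // hello without it
    }
}
```

A truncated or malformed record surfaces as a runtime exception from the buffer reads rather than as a null result.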
- duplicates
- JDK-8144566 Custom HostnameVerifier disables SNI extension (Closed)
- JDK-8144567 SNI does not work with HTTPSUrlConnection and a custom HostnameVerifier (Closed)