Bug
Resolution: Cannot Reproduce
P3
None
6u111
Submitter reports:
We are facing an issue related to TLSv1.1 on Java 6 u111. We have observed that communication over TLSv1.1 is not happening because of unavailability of Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033). After we removed the entry of SSLv3 from jdk.tls.disabledAlgorithms in the java.security file, the mentioned cipher is enabled and communication happens successfully over TLSv1.1. It seems that disabling SSLv3 in java.security (it is disabled by default) is disabling the required cipher suite.
a) java -version
java -version
java version "1.6.0_111"
Java(TM) SE Runtime Environment (build 1.6.0_111-b12)
Java HotSpot(TM) 64-Bit Server VM (build 20.111-b01, mixed mode)
Linux OS.
We have enabled TLSv1.1 in code using javax.net.ssl.SSLSocket.setEnabledProtocols.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Connection Id: ID_TEST #0, setSoTimeout(30000) called
Connection Id: ID_TEST #0, setSoTimeout(0) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Connection Id: ID_TEST #1, setSoTimeout(30000) called
Connection Id: ID_TEST #1, setSoTimeout(0) called
Connection Id: ID_TEST #1, setSoTimeout(55000) called
Ignoring disabled protocol: SSLv3
Ignoring disabled protocol: TLSv1
No available cipher suite for TLSv1.1
Connection Id: ID_TEST #1, handling exception: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Connection Id: ID_TEST #1, SEND TLSv1 ALERT: fatal, description = handshake_failure
Connection Id: ID_TEST #1, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28 ......(
Connection Id: ID_TEST #1, called closeSocket()
Connection Id: ID_TEST #1, called close()
Connection Id: ID_TEST #1, called closeInternal(true)
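An added triage example, not part of the submitter's report or of the JDK: it reads JSSE debug output like the lines above, collects the protocol and cipher-suite decisions, and decodes the raw alert record. The function names are hypothetical and the sample input is copied from the report.

```python
import re

# Subset of the TLS alert and version code points (RFC 5246).
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure",
                70: "protocol_version", 71: "insufficient_security"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

# Sample input: lines taken from the debug output in the report.
SAMPLE_LOG = """\
Ignoring disabled protocol: SSLv3
Ignoring disabled protocol: TLSv1
No available cipher suite for TLSv1.1
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28 ......(
"""

def decode_alert_record(raw):
    """Decode an unencrypted TLS alert record (5-byte header, level, description)."""
    if len(raw) != 7 or raw[0] != 0x15 or raw[3:5] != b"\x00\x02":
        raise ValueError("not a plaintext 2-byte TLS alert record")
    return {"record_version": VERSIONS.get((raw[1], raw[2]), "unknown"),
            "level": LEVELS.get(raw[5], "unknown"),
            "description": DESCRIPTIONS.get(raw[6], "unknown(%d)" % raw[6])}

def triage(log_text):
    """Collect protocol decisions, cipher-suite failures and alerts from the log."""
    out = {"disabled_protocols": [], "no_cipher_suite_for": [], "alerts": []}
    lines = [l.strip().strip("*") for l in log_text.splitlines()]
    for i, line in enumerate(lines):
        m = re.match(r"Ignoring disabled protocol: (\S+)", line)
        if m:
            out["disabled_protocols"].append(m.group(1))
        m = re.match(r"No available cipher suite for (\S+)", line)
        if m:
            out["no_cipher_suite_for"].append(m.group(1))
        # Only single-line hex dumps (records up to 16 bytes) are handled here.
        if line.startswith("[Raw write]") and i + 1 < len(lines):
            dump = re.match(r"[0-9A-Fa-f]{4}:((?: [0-9A-Fa-f]{2})+)", lines[i + 1])
            try:
                if dump:
                    out["alerts"].append(decode_alert_record(bytes.fromhex(dump.group(1))))
            except ValueError:
                pass  # some other record type, or an encrypted alert
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The decoded bytes agree with the "SEND TLSv1 ALERT: fatal, description = handshake_failure" line in the log.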