Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Fixed
Priority: P3
Fix Version/s: 15
Affects Version/s: 8, 11, 15
Component/s: security-libs
Labels:

Subcomponent:
javax.net.ssl
Resolved In Build:
b25

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8272365	13.0.9	Alexey Bakhtin	P3	Resolved	Fixed	b01
JDK-8264278	11.0.12	Xuelei Fan	P3	Resolved	Fixed	b01
JDK-8249876	11.0.10-oracle	Prasadarao Koppula	P3	Resolved	Fixed	b01
JDK-8248708	11.0.9-oracle	Prasadarao Koppula	P3	Closed	Won't Fix
JDK-8265451	openjdk8u302	Severin Gehwolf	P3	Resolved	Fixed	b04
JDK-8259547	8u291	Prasadarao Koppula	P3	Resolved	Fixed	b01
JDK-8250262	8u281	Prasadarao Koppula	P3	Resolved	Fixed	b01
JDK-8255924	8u271	Prasadarao Koppula	P3	Closed	Fixed	b33
JDK-8262642	emb-8u291	Prasadarao Koppula	P3	Resolved	Fixed	team
JDK-8257309	emb-8u281	Prasadarao Koppula	P3	Resolved	Fixed	team

See TLS 1.3 specification, RFC 8446.
"Certificate authorities (CAs) which an endpoint supports and which SHOULD be used by the receiving endpoint to guide certificate selection. ... The client MAY send the "certificate_authorities" extension in the ClientHello message. The server MAY send it in the CertificateRequest message."

For TLS 1.2 and prior versions, the certificate selection is guided by the CertificateRequest. While TLS 1.3 move this function to the "certificate_authorities" extension.

The current TLS 1.3 implementation does not support this function, as could lead to certificate selection improperly and thus compatibility issues if upgrade from TLS 1.2 to TLS 1.3.

backported by

JDK-8249876 Support the certificate_authorities extension

Resolved

JDK-8250262 Support the certificate_authorities extension

Resolved

JDK-8257309 Support the certificate_authorities extension

Resolved

JDK-8259547 Support the certificate_authorities extension

Resolved

JDK-8262642 Support the certificate_authorities extension

Resolved

JDK-8264278 Support the certificate_authorities extension

Resolved

JDK-8265451 Support the certificate_authorities extension

Resolved

JDK-8272365 Support the certificate_authorities extension

Resolved

JDK-8248708 Support the certificate_authorities extension

Closed

JDK-8255924 Support the certificate_authorities extension

Closed

csr for

JDK-8244441 Support the certificate_authorities extension

Closed

relates to

JDK-8245848 Document the certificate_authorities extension in JSSE Reference Guides

Resolved

JDK-8234727 sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3

Resolved

JDK-8252789 Empty client certificate issue during TLS handshake

Closed

JDK-8272351 Mutual TLS has stopped working - client certificates using RSA SHA256 not found

Closed

links to

Commit openjdk/jdk13u-dev/239e7275

Review openjdk/jdk13u-dev/252

(5 backported by, 1 csr for, 4 relates to, 2 links to)

Release Note: Support for certificate_authorities Extension

Closed

Clifford Wayne (Inactive)

Assignee:: Xuelei Fan

Reporter:: Xuelei Fan

Votes:: 0 Vote for this issue

Watchers:: 14 Start watching this issue

Created:: 2018-07-09 09:13

Updated:: 2024-10-02 11:11

Resolved:: 2020-05-27 09:49

Details

Backports

Description

Attachments

Issue Links

Sub-Tasks

Activity

People

Dates