Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8209982

SSL handshake fails on an (apparently) correct certificate, working in jdk10

XMLWordPrintable

    • 11
    • x86_64
    • linux

      ADDITIONAL SYSTEM INFORMATION :
      Tested in windows 10 and linux

      A DESCRIPTION OF THE PROBLEM :
      This handshake fails with message "extension (10) should not be presented in server_hello"

              URL obj = new URL("https://sis.redsys.es/sis/realizarPago");
              HttpURLConnection con = (HttpURLConnection) obj.openConnection();
              con.setRequestMethod("GET");
              int responseCode = con.getResponseCode();

      It was working in jdk 10 or previous. This URL also works in any browser.

      Tested in Jdk11 EA and latest release candidate (28)

      REGRESSION : Last worked in version 10.0.2

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Execute
              HttpURLConnection con = (HttpURLConnection) new URL("https://sis.redsys.es/sis/realizarPago").openConnection();
              con.setRequestMethod("GET");
              int responseCode = con.getResponseCode();

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      responseCode should be 200, no certificate errors
      ACTUAL -
      An error is thrown:

      extension (10) should not be presented in server_hello
      javax.net.ssl.SSLHandshakeException: extension (10) should not be presented in server_hello
      at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
      at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
      at java.base/sun.security.ssl.SSLExtensions.<init>(SSLExtensions.java:71)
      at java.base/sun.security.ssl.ServerHello$ServerHelloMessage.<init>(ServerHello.java:173)
      at java.base/sun.security.ssl.ServerHello$ServerHelloConsumer.consume(ServerHello.java:864)
      at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
      at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
      at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
      at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178)
      at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
      at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
      at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
      at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
      at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
      at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
      at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1581)
      at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1509)
      at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527)
      at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:329)

      ---------- BEGIN SOURCE ----------
      package com.test;

      import java.net.HttpURLConnection;
      import java.net.URL;

      public class HandshakeFail {

          public static void main(String[] args) throws Exception {
              HttpURLConnection con = (HttpURLConnection) new URL("https://sis.redsys.es/sis/realizarPago").openConnection();
              con.setRequestMethod("GET");
              int responseCode = con.getResponseCode();
          }
      }

      ---------- END SOURCE ----------

      FREQUENCY : always


            xuelei Xuelei Fan
            webbuggrp Webbug Group
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: