-
Bug
-
Resolution: Fixed
-
P3
-
11, 12, 13
-
b10
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8230585 | 11.0.6-oracle | John Jiang | P3 | Resolved | Fixed | b01 |
JDK-8234283 | 11.0.6 | John Jiang | P3 | Resolved | Fixed | b04 |
JDK-8256681 | openjdk8u272 | Martin Balao Alonso | P3 | Closed | Fixed | b06 |
JDK-8243705 | 8u261 | Prasadarao Koppula | P3 | Resolved | Fixed | b05 |
JDK-8247038 | emb-8u261 | Prasadarao Koppula | P3 | Resolved | Fixed | team |
When Finished message verification fails, JSSE responds illegal_parameter error alert, like the below,
javax.net.ssl|ERROR|01|main|2018-12-18 10:33:09.490 CST|TransportContext.java:313|Fatal (ILLEGAL_PARAMETER): The Finished message cannot be verified. (
"throwable" : {
javax.net.ssl.SSLHandshakeException: The Finished message cannot be verified.
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
at java.base/sun.security.ssl.Finished$FinishedMessage.<init>(Finished.java:124)
at java.base/sun.security.ssl.Finished$T13FinishedConsumer.onConsumeFinished(Finished.java:984)
at java.base/sun.security.ssl.Finished$T13FinishedConsumer.consume(Finished.java:859)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:448)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:425)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:716)
at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:799)
at java.base/java.io.InputStream.read(InputStream.java:213)
... ...
javax.net.ssl|DEBUG|01|main|2018-12-18 10:36:13.753 CST|SSLSocketOutputRecord.java:71|WRITE: TLS13 alert(illegal_parameter), length = 2
but per RFC 8446 section 6.2, this alert should be decrypt_error.
"decrypt_error: A handshake (not record layer) cryptographic operation failed, including being unable to correctly verify a signature or validate a Finished message or a PSK binder."
javax.net.ssl|ERROR|01|main|2018-12-18 10:33:09.490 CST|TransportContext.java:313|Fatal (ILLEGAL_PARAMETER): The Finished message cannot be verified. (
"throwable" : {
javax.net.ssl.SSLHandshakeException: The Finished message cannot be verified.
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
at java.base/sun.security.ssl.Finished$FinishedMessage.<init>(Finished.java:124)
at java.base/sun.security.ssl.Finished$T13FinishedConsumer.onConsumeFinished(Finished.java:984)
at java.base/sun.security.ssl.Finished$T13FinishedConsumer.consume(Finished.java:859)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:448)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:425)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:716)
at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:799)
at java.base/java.io.InputStream.read(InputStream.java:213)
... ...
javax.net.ssl|DEBUG|01|main|2018-12-18 10:36:13.753 CST|SSLSocketOutputRecord.java:71|WRITE: TLS13 alert(illegal_parameter), length = 2
but per RFC 8446 section 6.2, this alert should be decrypt_error.
"decrypt_error: A handshake (not record layer) cryptographic operation failed, including being unable to correctly verify a signature or validate a Finished message or a PSK binder."
- backported by
-
JDK-8230585 Finished message validation failure should be decrypt_error alert
- Resolved
-
JDK-8234283 Finished message validation failure should be decrypt_error alert
- Resolved
-
JDK-8243705 Finished message validation failure should be decrypt_error alert
- Resolved
-
JDK-8247038 Finished message validation failure should be decrypt_error alert
- Resolved
-
JDK-8256681 Finished message validation failure should be decrypt_error alert
- Closed