JDK-8215712

Parsing extension failure may alert decode_error


      Description

        If a JSSE server fails on parsing an extension, an unexpected_message error is alerted.
        javax.net.ssl|DEBUG|01|main|2018-12-20 21:26:54.871 CST|ClientHello.java:809|Consuming ClientHello handshake message (
        "ClientHello": {
          "client version" : "TLSv1.2",
          "random" : "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
          "session id" : "C2 85 94 0A 66 43 62 11 E2 39 CE 64 BF 9C A9 E0 89 77 F5 3F BF 1D 22 85 00 C2 05 43 59 43 76 44",
          "cipher suites" : "[TLS_AES_128_GCM_SHA256(0x1301), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
          "compression methods" : "00",
          "extensions" : [
            "key_share (51)": {
              Invalid key_share extension: insufficient data (length=0)
            },
            "supported_versions (43)": {
              "versions": [TLSv1.3, TLSv1.2]
            },
            "supported_groups (10)": {
              "versions": [secp256r1]
            },
            "psk_key_exchange_modes (45)": {
              "ke_modes": [psk_ke, psk_dhe_ke]
            },
            "signature_algorithms (13)": {
              "signature schemes": [rsa_pss_rsae_sha256, rsa_pss_pss_sha256]
            },
            "signature_algorithms_cert (50)": {
              "signature schemes": [rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_sha224, rsa_pkcs1_sha1, rsa_md5, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512]
            }
          ]
        }
        )
        ... ...
        javax.net.ssl|ERROR|01|main|2018-12-20 21:26:54.877 CST|TransportContext.java:312|Fatal (UNEXPECTED_MESSAGE): Invalid key_share extension: insufficient data (length=0) (
        "throwable" : {
          javax.net.ssl.SSLProtocolException: Invalid key_share extension: insufficient data (length=0)
           at java.base/sun.security.ssl.KeyShareExtension$CHKeyShareSpec.<init>(KeyShareExtension.java:155)
           at java.base/sun.security.ssl.KeyShareExtension$CHKeyShareConsumer.consume(KeyShareExtension.java:338)
           at java.base/sun.security.ssl.SSLExtension.consumeOnLoad(SSLExtension.java:542)
           at java.base/sun.security.ssl.SSLExtensions.consumeOnLoad(SSLExtensions.java:186)
           at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1155)
           at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:852)
           at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:813)
           at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
           at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:441)
           at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:419)
           at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
           at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
           at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1180)
           at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1091)
           at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
           at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:721)
           at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:804)
           at java.base/java.io.InputStream.read(InputStream.java:213)
           at SimpleJSSEServer.readIn(SimpleJSSEServer.java:37)
           at SimpleJSSEServer.main(SimpleJSSEServer.java:24)}

        )

        Although the message is unexpected, the root cause is that the message length check failed [1]. It would be better to alert decode_error.

        In RFC 8446 section 6.2,
        decode_error: A message could not be decoded because some field was out of the specified range or the length of the message was incorrect. This alert is used for errors where the message does not conform to the formal protocol syntax. This alert should never be observed in communication between proper implementations, except when messages were corrupted in the network.

        [1] http://hg.openjdk.java.net/jdk/jdk/file/22295070fcd3/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java#l152
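
The distinction the report draws, as an added example that is not part of the original report and is not JDK code: a stand-alone parser for ClientHello key_share extension_data that raises decode_error (50) for framing and length faults, including the length=0 case in the log, and goes one step further by raising illegal_parameter (47) for a well-formed list that repeats a group, as RFC 8446 section 4.2.8 permits. The class name, `AlertException` and the sample byte arrays are assumptions constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.util.HashSet;
import java.util.Set;

public class KeyShareAlertDemo {
    // Alert codes from RFC 8446 section 6.
    static final int ILLEGAL_PARAMETER = 47, DECODE_ERROR = 50;

    // Hypothetical exception carrying the alert a server would send.
    static class AlertException extends Exception {
        final int alert;
        AlertException(int alert, String msg) { super(msg); this.alert = alert; }
    }

    // extension_data of a ClientHello key_share (RFC 8446 section 4.2.8):
    //   uint16 list length, then entries of uint16 group + opaque key_exchange<1..2^16-1>.
    // Returns the number of entries; only framing is checked, not key contents.
    static int parseClientShares(byte[] ext) throws AlertException {
        ByteBuffer b = ByteBuffer.wrap(ext);
        if (b.remaining() < 2)   // the length=0 case in the log above
            throw new AlertException(DECODE_ERROR, "insufficient data (length=" + ext.length + ")");
        if ((b.getShort() & 0xFFFF) != b.remaining())
            throw new AlertException(DECODE_ERROR, "client_shares length mismatch");
        Set<Integer> groups = new HashSet<>();
        while (b.hasRemaining()) {
            if (b.remaining() < 4)
                throw new AlertException(DECODE_ERROR, "truncated KeyShareEntry header");
            int group = b.getShort() & 0xFFFF;
            int keLen = b.getShort() & 0xFFFF;
            if (keLen == 0 || keLen > b.remaining())
                throw new AlertException(DECODE_ERROR, "bad key_exchange length " + keLen);
            b.position(b.position() + keLen);
            // Well-formed but semantically invalid: same group offered twice.
            if (!groups.add(group))
                throw new AlertException(ILLEGAL_PARAMETER, "duplicate group " + group);
        }
        return groups.size();
    }

    public static void main(String[] args) {
        byte[][] samples = {   // constructed inputs, placeholder key bytes
            {},                                          // empty extension_data
            {0, 5, 0, 0x17, 0, 1, 4},                    // one secp256r1 entry
            {0, 5, 0, 0x17, 0, 9, 4},                    // key_exchange overruns
            {0, 10, 0, 0x17, 0, 1, 4, 0, 0x17, 0, 1, 4}  // duplicate group
        };
        for (byte[] s : samples) {
            try { System.out.println("ok, entries=" + parseClientShares(s)); }
            catch (AlertException e) { System.out.println("alert " + e.alert + ": " + e.getMessage()); }
        }
    }
}
```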

              People

                xuelei Xuelei Fan
                jjiang John Jiang