JDK-8217579

TLS_EMPTY_RENEGOTIATION_INFO_SCSV is disabled after 8211883

Details

    • b06
    • Verified

      Description

        When listing the default and available ciphers with 8u202 (testcase listed below), one can notice that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is gone. With 8u192 it was still in the list of default and available ciphers.

        It appears, "8211883: Disable anon and NULL cipher suites" is the reason TLS_EMPTY_RENEGOTIATION_INFO_SCSV is gone now.

        It looks like some of our Tomcat users are running into this issue because
        TLS_EMPTY_RENEGOTIATION_INFO_SCSV plays some role there.

        Full JDK Versions
        -----------------
        JDK 7u211 and later, 8u201 and later, 11.0.2 and later


        Testcase & Reproduction Instructions
        ------------------------------------
        import java.util.*;
        import javax.net.ssl.SSLServerSocketFactory;
         
        public class Ciphers
        {
            public static void main(String[] args)
                throws Exception
            {
                SSLServerSocketFactory ssf =
                    (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
         
                String[] defaultCiphers = ssf.getDefaultCipherSuites();
                String[] availableCiphers = ssf.getSupportedCipherSuites();
         
                System.out.println("default ciphers:");
                System.out.println("------------------------------");
                for (String s: defaultCiphers) {
                    System.out.println(s);
                }
         
                System.out.println("available ciphers:");
                System.out.println("------------------------------");
                for (String s: availableCiphers) {
                    System.out.println("available:" + s);
                }
            }
        }

        Workaround
        ----------
        Remove NULL from jdk.tls.disabledAlgorithms

        Related Bugs, Forum Threads
        ---------------------------
        https://mail.openjdk.java.net/pipermail/security-dev/2019-January/019237.html
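
Added example (not part of the original report or of the JDK sources): a check an operator can run before and after applying the workaround. It reports whether jdk.tls.disabledAlgorithms contains a NULL entry, whether TLS_EMPTY_RENEGOTIATION_INFO_SCSV is offered, and which NULL (no-encryption) suites become visible as a side effect. The class name ScsvCheck and its helper methods are hypothetical.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class ScsvCheck {
    static final String SCSV = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";

    // Split the comma-separated security property into trimmed entries.
    static List<String> parseDisabled(String prop) {
        List<String> out = new ArrayList<>();
        if (prop == null) return out;
        for (String e : prop.split(",")) {
            if (!e.trim().isEmpty()) out.add(e.trim());
        }
        return out;
    }

    // Suites whose name carries a NULL component, i.e. no encryption.
    static List<String> nullSuites(String[] suites) {
        List<String> out = new ArrayList<>();
        for (String s : suites) {
            if (s.contains("_NULL_")) out.add(s);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        List<String> disabled =
            parseDisabled(Security.getProperty("jdk.tls.disabledAlgorithms"));
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters def = ctx.getDefaultSSLParameters();
        SSLParameters sup = ctx.getSupportedSSLParameters();

        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("jdk.tls.disabledAlgorithms = " + disabled);
        System.out.println("NULL entry present: " + disabled.contains("NULL"));
        System.out.println("SCSV in default suites: "
            + Arrays.asList(def.getCipherSuites()).contains(SCSV));
        System.out.println("SCSV in supported suites: "
            + Arrays.asList(sup.getCipherSuites()).contains(SCSV));
        // With the workaround applied, check what else came back with the SCSV.
        System.out.println("NULL suites in default: " + nullSuites(def.getCipherSuites()));
        System.out.println("NULL suites in supported: " + nullSuites(sup.getCipherSuites()));
    }
}
```

Any NULL suite listed under "default" after the workaround means connections can be negotiated without encryption unless the application restricts its enabled suites explicitly.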

              People

                mullan Sean Mullan
                shadowbug Shadow Bug