-
Bug
-
Resolution: Duplicate
-
P4
-
None
-
11
-
x86_64
-
linux
ADDITIONAL SYSTEM INFORMATION :
{{openjdk version "11" 2018-09-25}}
{{OpenJDK Runtime Environment 18.9 (build 11+28)}}
{{OpenJDK 64-Bit Server VM 18.9 (build 11+28, mixed mode)}}
But the behavior is also present on macOS
A DESCRIPTION OF THE PROBLEM :
I am experiencing a similar issue toJDK-8211806. I've uploaded the relevant part of a connection made with {{-Djavax.net.debug=ssl}} here: https://gist.github.com/UsmannK/94c7d360637b1a5534389e1326882133. Similar to the cited issue I see:
{{javax.net.ssl|DEBUG|2B|Keep-Alive-Timer|2018-11-12 13:48:29.580 PST|SSLSocketImpl.java:1380|close the SSL connection (passive)}}
{{javax.net.ssl|DEBUG|01|main|2018-11-12 13:48:29.593 PST|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=www.googleapis.com) was replaced with (type=host_name (0), value=www.googleapis.com)}}
Followed eventually by
{{javax.net.ssl|WARNING|01|main|2018-11-12 13:48:29.595 PST|ServerNameExtension.java:255|Unable to indicate server name}}
And a ClientHello that, using TLSv1.2, advertises TLSv1.3 as a supported version but does not include an SNI extension. In response, Google agrees, using TLSv1.2, to select 1.3 then immediately follows up with a dummy cert that has an error saying we did not specify SNI.
Of note is that this is immediately after a previous successful connection, so I think it is a connection resume like in the linked bug. That part I'm unsure about.
REGRESSION : Last worked in version 8u181
FREQUENCY : often
{{openjdk version "11" 2018-09-25}}
{{OpenJDK Runtime Environment 18.9 (build 11+28)}}
{{OpenJDK 64-Bit Server VM 18.9 (build 11+28, mixed mode)}}
But the behavior is also present on macOS
A DESCRIPTION OF THE PROBLEM :
I am experiencing a similar issue to
{{javax.net.ssl|DEBUG|2B|Keep-Alive-Timer|2018-11-12 13:48:29.580 PST|SSLSocketImpl.java:1380|close the SSL connection (passive)}}
{{javax.net.ssl|DEBUG|01|main|2018-11-12 13:48:29.593 PST|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=www.googleapis.com) was replaced with (type=host_name (0), value=www.googleapis.com)}}
Followed eventually by
{{javax.net.ssl|WARNING|01|main|2018-11-12 13:48:29.595 PST|ServerNameExtension.java:255|Unable to indicate server name}}
And a ClientHello that, using TLSv1.2, advertises TLSv1.3 as a supported version but does not include an SNI extension. In response, Google agrees, using TLSv1.2, to select 1.3 then immediately follows up with a dummy cert that has an error saying we did not specify SNI.
Of note is that this is immediately after a previous successful connection, so I think it is a connection resume like in the linked bug. That part I'm unsure about.
REGRESSION : Last worked in version 8u181
FREQUENCY : often
- duplicates
-
-
- Closed
-