-
Bug
-
Resolution: Duplicate
-
P3
-
None
-
11
-
x86_64
-
linux
ADDITIONAL SYSTEM INFORMATION :
Ubuntu 18 (64 bit), JDK 11.0.4 / JDK 12.0.2
A DESCRIPTION OF THE PROBLEM :
Please try this program (designed for 64 Bit Linux): http://botcompany.de:8081/ssl-bugreport.tgz
There are 3 scripts (jdk10-ok, jdk11-broken, jdk12-broken) to show the broken/working behavior with the respective JDK versions.
The program always sets up a web server at https://localhost:1443 which is supposed to serve a single image. Then it loads the image itself which always works. Also, some clients are able to connect (e.g. wget).
However, when you open https://localhost:1443 in Chrome or Firefox (accepting the obvious certificate warning), you get various SSL-related errors (ERR_SSL_PROTOCOL_ERROR in Chrome, SSL_ERROR_RX_RECORD_TOO_LONG in Firefox).
This error occurs only with JDK 11 and JDK 12, not with JDK 10.
I hear SSL implementations have changed in JDK 11, but this bug does not logically seem to follow from that. There are no Java exceptions and apparently no cipher mismatches, but instead a different kind of SSL protocol error.
Note: I tried to remove my helper library x30.jar (which doesn't do much here) from the program, but wasn't able to do so in short time and decided to just push out the bug report instead. The basic sources for x30.jar are here: http://code.botcompany.de:8081/tb-int/get-transpiled.php?id=1001638&raw=1
Please advise, this is very important, as I currently cannot use JDK 11+ as a web server because of this bug.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Extract the archive, run "java -cp classes:x30.jar main" and open https://localhost:1443 in a browser.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
An image is served at https://localhost:1443
ACTUAL -
Browsers fail with SSL errors
---------- BEGIN SOURCE ----------
See bug report
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Use JDK 10
FREQUENCY : always
Ubuntu 18 (64 bit), JDK 11.0.4 / JDK 12.0.2
A DESCRIPTION OF THE PROBLEM :
Please try this program (designed for 64 Bit Linux): http://botcompany.de:8081/ssl-bugreport.tgz
There are 3 scripts (jdk10-ok, jdk11-broken, jdk12-broken) to show the broken/working behavior with the respective JDK versions.
The program always sets up a web server at https://localhost:1443 which is supposed to serve a single image. Then it loads the image itself which always works. Also, some clients are able to connect (e.g. wget).
However, when you open https://localhost:1443 in Chrome or Firefox (accepting the obvious certificate warning), you get various SSL-related errors (ERR_SSL_PROTOCOL_ERROR in Chrome, SSL_ERROR_RX_RECORD_TOO_LONG in Firefox).
This error occurs only with JDK 11 and JDK 12, not with JDK 10.
I hear SSL implementations have changed in JDK 11, but this bug does not logically seem to follow from that. There are no Java exceptions and apparently no cipher mismatches, but instead a different kind of SSL protocol error.
Note: I tried to remove my helper library x30.jar (which doesn't do much here) from the program, but wasn't able to do so in short time and decided to just push out the bug report instead. The basic sources for x30.jar are here: http://code.botcompany.de:8081/tb-int/get-transpiled.php?id=1001638&raw=1
Please advise, this is very important, as I currently cannot use JDK 11+ as a web server because of this bug.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Extract the archive, run "java -cp classes:x30.jar main" and open https://localhost:1443 in a browser.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
An image is served at https://localhost:1443
ACTUAL -
Browsers fail with SSL errors
---------- BEGIN SOURCE ----------
See bug report
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Use JDK 10
FREQUENCY : always
- duplicates
-
JDK-8225714 TLSv1.3 may generate TLSInnerPlainText longer than 2^14+1 bytes
-
- Resolved
-