Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P2
Fix Version/s: 15
Affects Version/s: 8, 11, 14, 15
Component/s: security-libs
Labels:

Subcomponent:
javax.net.ssl
Resolved In Build:
b05
Verification:
Verified

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8249107	14u-cpu	Jamil Nimeh	P2	Resolved	Fixed	master
JDK-8247954	14.0.2	Jamil Nimeh	P2	Closed	Fixed	b11
JDK-8241515	13.0.3	Jamil Nimeh	P3	Resolved	Fixed	b02
JDK-8238504	11.0.8-oracle	Jamil Nimeh	P3	Resolved	Fixed	b01
JDK-8237387	11.0.7	Jamil Nimeh	P3	Resolved	Fixed	b01
JDK-8253664	openjdk8u272	Alexey Bakhtin	P2	Resolved	Fixed	b06
JDK-8243759	8u261	Prasadarao Koppula	P3	Resolved	Fixed	b05
JDK-8247097	emb-8u261	Prasadarao Koppula	P3	Resolved	Fixed	team

The JSSE client will not accept the status_request message when TLS 1.3 is negotiated and the server sends a CertiicateRequest message with that extension in it.

When this occurs the client throws an exception:
javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request

This is an allowed extension in TLS 1.3.

Since the client does not currently support OCSP stapling, the client should not throw an exception on the extension, but instead should proceed with presenting the certificate without any OCSP response information.

Support for client-side OCSP stapling is out of scope for this bug and should be filed as a separate RFE.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

cert.pem
4 kB
2020-07-20 02:34
key.pem
2 kB
2020-07-20 02:34
ssl-handshake.log
15 kB
2020-05-11 21:18
SSLSocketClient.java
1 kB
2020-07-20 02:25
tlsserv.go
3 kB
2019-12-27 21:42

backported by

JDK-8249107 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

Resolved

JDK-8253664 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

Resolved

JDK-8237387 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

Resolved

JDK-8238504 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

Resolved

JDK-8241515 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

Resolved

JDK-8243759 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

Resolved

JDK-8247097 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

Resolved

JDK-8247954 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

Closed

duplicates

JDK-8234949 Receiving TLS 1.3 connection error when connecting with Golang server

Closed

JDK-8244932 javax.net.ssl.SSLHandshakeException when client authentication is enabled

Closed

relates to

JDK-8237373 Client-side OCSP stapling for JSSE

Open

JDK-8237486 Client-side OCSP stapling for JSSE

Draft

(3 backported by, 2 duplicates, 2 relates to)

Assignee:: Jamil Nimeh

Reporter:: Jamil Nimeh

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2019-12-16 13:09

Updated:: 2021-02-19 07:01

Resolved:: 2020-01-05 21:06

Details

Backports

Description

Attachments

Attachments

Issue Links

Activity

People

Dates