Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8236039

JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

    XMLWordPrintable

Details

    • b05
    • Verified

    Backports

      Description

        The JSSE client will not accept the status_request message when TLS 1.3 is negotiated and the server sends a CertiicateRequest message with that extension in it.

        When this occurs the client throws an exception:
        javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request

        This is an allowed extension in TLS 1.3.

        Since the client does not currently support OCSP stapling, the client should not throw an exception on the extension, but instead should proceed with presenting the certificate without any OCSP response information.

        Support for client-side OCSP stapling is out of scope for this bug and should be filed as a separate RFE.

        Attachments

          1. cert.pem
            4 kB
          2. key.pem
            2 kB
          3. ssl-handshake.log
            15 kB
          4. SSLSocketClient.java
            1 kB
          5. tlsserv.go
            3 kB

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8249107 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8253664 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8237387 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8238504 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8241515 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8243759 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8247097 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8247954 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed
            duplicates

            Bug - A problem which impairs or prevents the functions of the product. JDK-8234949 Receiving TLS 1.3 connection error when connecting with Golang server

            • P3 - Major loss of function.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8244932 javax.net.ssl.SSLHandshakeException when client authentication is enabled

            • P3 - Major loss of function.
            • Closed
            relates to

            Enhancement - null JDK-8237373 Client-side OCSP stapling for JSSE

            • P3 - Major loss of function.
            • Open

            CSR - null JDK-8237486 Client-side OCSP stapling for JSSE

            • P3 - Major loss of function.
            • Draft

            Activity

              People

                jnimeh Jamil Nimeh
                jnimeh Jamil Nimeh
                Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: