- Bug
- Resolution: Fixed
- P4
- 12
- b19
- Verified
ADDITIONAL SYSTEM INFORMATION :
Tested in OpenJDK 13 and also 11.0.6+10.
A DESCRIPTION OF THE PROBLEM :
According to https://www.java.com/en/configure_crypto.html setting the system property jdk.tls.client.protocols should "enable specific TLS protocols on the client, specify them in a comma-separated list within quotation marks; all other supported protocols are then disabled on the client".
But this is not the case.
The property is evaluated according to a breakpoint I set, but it has no effect.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Start JShell and execute:
System.setProperty("javax.net.debug", "ssl:handshake:verbose")
System.setProperty("jdk.tls.client.protocols", "TLSv1.2")
java.net.http.HttpClient.newBuilder().build().send(java.net.http.HttpRequest.newBuilder(new java.net.URI("https://tls1.3speaking.url")).GET().build(), java.net.http.HttpResponse.BodyHandlers.ofString()).body()
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
TLS1.2 being used
ACTUAL -
javax.net.ssl|DEBUG|1A|HttpClient-6-Worker-0|2020-02-14 14:24:03.229 CET|ClientHello.java:653|Produced ClientHello handshake message (
"ClientHello": {
...
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2]
},
...
javax.net.ssl|DEBUG|1A|HttpClient-6-Worker-0|2020-02-14 14:24:03.245 CET|ServerHello.java:871|Consuming ServerHello handshake message (
"ServerHello": {
...
"supported_versions (43)": {
"selected version": [TLSv1.3]
...
javax.net.ssl|DEBUG|1A|HttpClient-6-Worker-0|2020-02-14 14:24:03.245 CET|ServerHello.java:967|Negotiated protocol version: TLSv1.3
CUSTOMER SUBMITTED WORKAROUND :
Disable TLS1.3 completely in the runtime using jdk.tls.disabledAlgorithms in conf/security/java.security mentioned on the same page.
FREQUENCY : always
- relates to
- JDK-8239595 ssl context version is not respected
- Closed
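
An added example, not part of the original report or of the JDK: a Python check that reads javax.net.debug handshake output in the format quoted above and reports every protocol version offered or negotiated outside the list given to jdk.tls.client.protocols. The log sample is constructed from the report's own lines, and the function name audit_tls_versions is an assumption.

```python
import re

# Constructed sample: javax.net.debug output trimmed from the lines quoted in the report.
SAMPLE_LOG = '''\
javax.net.ssl|DEBUG|1A|HttpClient-6-Worker-0|2020-02-14 14:24:03.229 CET|ClientHello.java:653|Produced ClientHello handshake message (
"ClientHello": {
  "supported_versions (43)": {
    "versions": [TLSv1.3, TLSv1.2]
  },
javax.net.ssl|DEBUG|1A|HttpClient-6-Worker-0|2020-02-14 14:24:03.245 CET|ServerHello.java:871|Consuming ServerHello handshake message (
"ServerHello": {
  "supported_versions (43)": {
    "selected version": [TLSv1.3]
javax.net.ssl|DEBUG|1A|HttpClient-6-Worker-0|2020-02-14 14:24:03.245 CET|ServerHello.java:967|Negotiated protocol version: TLSv1.3
'''

# Record header fields: logger|level|thread id|thread name|timestamp|source|message
HEADER = re.compile(r'^javax\.net\.ssl\|[^|]*\|[^|]*\|([^|]*)\|[^|]*\|[^|]*\|(.*)$')
OFFERED = re.compile(r'"versions":\s*\[([^\]]*)\]')
NEGOTIATED = re.compile(r'Negotiated protocol version:\s*(\S+)')

def audit_tls_versions(log_text, allowed):
    """Return (thread, kind, version) findings for versions outside `allowed`,
    a comma-separated list in the same form as jdk.tls.client.protocols."""
    allowed = {p.strip() for p in allowed.split(',') if p.strip()}
    findings, thread, in_client_hello = [], None, False
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            thread, message = m.groups()
            # Only a ClientHello this client produced counts as an offer.
            in_client_hello = 'Produced ClientHello' in message
            n = NEGOTIATED.search(message)
            if n and n.group(1) not in allowed:
                findings.append((thread, 'negotiated', n.group(1)))
            continue
        o = OFFERED.search(line)
        if o and in_client_hello:
            for version in (v.strip() for v in o.group(1).split(',')):
                if version and version not in allowed:
                    findings.append((thread, 'offered', version))
    return findings

if __name__ == '__main__':
    for thread, kind, version in audit_tls_versions(SAMPLE_LOG, 'TLSv1.2'):
        print(f'{thread}: {kind} {version}, outside jdk.tls.client.protocols')
```
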