JDK-8239595

ssl context version is not respected


Details

    • b19
    • Verified

    Description

      ADDITIONAL SYSTEM INFORMATION :
      Tested in OpenJDK 13 and also 11.0.6+10.

      A DESCRIPTION OF THE PROBLEM :
      According to https://www.java.com/en/configure_crypto.html, setting an SSL context of a specific version makes this version the upper limit to be used.
      But this is not the case.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Start JShell and execute:

      System.setProperty("javax.net.debug", "ssl:handshake:verbose")
      javax.net.ssl.SSLContext sslContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2")
      sslContext.init(null, null, null)
      java.net.http.HttpClient.newBuilder().sslContext(sslContext).build().send(java.net.http.HttpRequest.newBuilder(new java.net.URI("https://tls1.3speaking.url")).GET().build(), java.net.http.HttpResponse.BodyHandlers.ofString()).body()


      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      TLS1.2 being used
      ACTUAL -
      javax.net.ssl|DEBUG|1A|HttpClient-6-Worker-0|2020-02-14 14:24:03.229 CET|ClientHello.java:653|Produced ClientHello handshake message (
      "ClientHello": {
      ...
          "supported_versions (43)": {
            "versions": [TLSv1.3, TLSv1.2]
          },
      ...
      javax.net.ssl|DEBUG|1A|HttpClient-6-Worker-0|2020-02-14 14:24:03.245 CET|ServerHello.java:871|Consuming ServerHello handshake message (
      "ServerHello": {
      ...
          "supported_versions (43)": {
            "selected version": [TLSv1.3]
      ...
      javax.net.ssl|DEBUG|1A|HttpClient-6-Worker-0|2020-02-14 14:24:03.245 CET|ServerHello.java:967|Negotiated protocol version: TLSv1.3


      CUSTOMER SUBMITTED WORKAROUND :
      Disable TLS1.3 completely in the runtime using jdk.tls.disabledAlgorithms in conf/security/java.security mentioned on the same page.

      Or use SSLParameters, as mentioned on the same page:

      javax.net.ssl.SSLParameters sslParameters = new javax.net.ssl.SSLParameters()
      sslParameters.setProtocols(new String[] {"TLSv1.2"})
      ...
      .sslParameters(sslParameters)

      FREQUENCY : always
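
An added example, not part of the original report or of the JDK sources: it reads back the protocol list an `HttpClient` is configured with, once when only a `TLSv1.2` context is supplied and once when the versions are pinned through `SSLParameters` as in the workaround above. The class name `TlsCapCheck` and the `ALLOWED` policy list are assumptions made for the example; it opens no connection.

```java
import java.net.http.HttpClient;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example (hypothetical class name): compare the protocol list of an
// HttpClient built from a TLSv1.2 context alone with one that is pinned
// through SSLParameters, as in the report's workaround.
public class TlsCapCheck {
    // Assumed policy for this example: only TLSv1.2 may be offered.
    static final List<String> ALLOWED = List.of("TLSv1.2");

    // Protocol list configured on the built client (empty if none is set).
    static List<String> effectiveProtocols(HttpClient client) {
        String[] protocols = client.sslParameters().getProtocols();
        return protocols == null ? List.of() : Arrays.asList(protocols);
    }

    // Reporter's original setup: the context version is the only hint.
    static HttpClient contextOnly(SSLContext ctx) {
        return HttpClient.newBuilder().sslContext(ctx).build();
    }

    // Workaround: state the allowed versions explicitly.
    static HttpClient pinned(SSLContext ctx) {
        SSLParameters params = new SSLParameters();
        params.setProtocols(ALLOWED.toArray(new String[0]));
        return HttpClient.newBuilder().sslContext(ctx).sslParameters(params).build();
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);

        List<String> fromContext = effectiveProtocols(contextOnly(ctx));
        List<String> fromParams = effectiveProtocols(pinned(ctx));
        System.out.println("context only   : " + fromContext);
        System.out.println("SSLParameters  : " + fromParams);

        // Fail closed if the pinned client would offer anything off-policy.
        if (fromParams.isEmpty() || !ALLOWED.containsAll(fromParams)) {
            throw new IllegalStateException("off-policy TLS versions: " + fromParams);
        }
        // Report, rather than assume, what the context-only client offers.
        System.out.println("context-only client within policy: "
                + (!fromContext.isEmpty() && ALLOWED.containsAll(fromContext)));
    }
}
```

For a completed request, `HttpResponse.sslSession()` exposes the negotiated version through `SSLSession.getProtocol()`, which confirms the cap on a live connection.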


      Attachments

        1. jdk11-google-ssl.txt
          20 kB
        2. jdk13-google-ssl.txt
          25 kB
        3. Main.java
          1 kB

            People

              ryadav Rahul Yadav
              webbuggrp Webbug Group