As pointed out here:

https://mail.openjdk.java.net/pipermail/security-dev/2020-October/022750.html

SunJSSE does not handle String conversion to byte[] well, and thus can't represent some of the GREASE values (RFC 8701: https://tools.ietf.org/rfcmarkup?doc=8701 )

For our implementation currently:

1. Client can't send valid GREASE values. We'll send a UTF-8 representation which won't be recognized by peers as GREASE.

2. Server shouldn't crash, but will not report to our API consumers that GREASE values were received.

[Update 11/24/2020-after further experimentation/bug fixing]

JSSE Client will send >0x7F bytes encoded as 2-4 UTF-8 bytes, which will only be recognized by JSSE peers. Other impls may not know how to decode.

For JSSE Server, there are two cases:

1. it can receive >0x7F either as 2-4 UTF-8 bytes (correct value returned in String to app), or
2. as an incorrectly formatted UTF-8. In that case, default "?" value returned to app.

For the first case, *IF* the server selects a ALPN value that contains a character with a >0x7F value, the app will crash when trying to create the ALPN extension reply.

Evaluate possible approaches.