Loading...

Details

Type: Bug
Resolution: Unresolved
Priority: P4
Fix Version/s: None
Affects Version/s: 8
Component/s: security-libs
Labels:
- 11-na
- 17-na
- dcsaw
- reproducer-yes
- webbug

Subcomponent:
javax.net.ssl

Description

ADDITIONAL SYSTEM INFORMATION :
Windows/openjdk version "1.8.0_292"

A DESCRIPTION OF THE PROBLEM :
For some sites (e.g. https://www.google.com - BoringSSL), SSL Handshake fails for TLSv1.3 only when ciphersuites are set manually via jdk.tls.client.cipherSuites. With the same set of ciphersuites, the SSL handshake is working for other sites (e.g. https://www.oracle.com)

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Set jdk.tls.client.protocols","TLSv1.3, TLSv1.2"
2. Set jdk.tls.client.cipherSuites with some ciphersuites
3. Open a HTTPS URL Connection to https://www.google.com

Note: When jdk.tls.client.protocols=TLSv1.3 and jdk.tls.client.enableStatusRequestExtension=true, the SSL handshake is working fine for the same set of ciphersuites. It's only when jdk.tls.client.protocols=TLSv1.3,TLSv1.2 , it is not working.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Successful SSL handshake
ACTUAL -
javax.net.ssl|FINE|01|main|2021-07-16 10:07:12.569 IST|SSLCipher.java:438|jdk.tls.keyLimits: entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.475 IST|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=www.google.com) was replaced with (type=host_name (0), value=www.google.com)
javax.net.ssl|WARNING|01|main|2021-07-16 10:07:13.621 IST|SignatureScheme.java:297|Signature algorithm, ed25519, is not supported by the underlying providers
javax.net.ssl|WARNING|01|main|2021-07-16 10:07:13.621 IST|SignatureScheme.java:297|Signature algorithm, ed448, is not supported by the underlying providers
javax.net.ssl|INFO|01|main|2021-07-16 10:07:13.627 IST|AlpnExtension.java:161|No available application protocols
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.630 IST|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.631 IST|SSLExtensions.java:260|Ignore, context unavailable extension: cookie
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.645 IST|PreSharedKeyExtension.java:634|No session to resume.
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.645 IST|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.649 IST|ClientHello.java:575|Produced ClientHello handshake message (
"ClientHello": {
  "client version" : "TLSv1.2",
  "random" : "60 A4 2C 72 81 40 C2 CA 20 B0 E3 6E 1B 79 EF 58 F6 DD C9 50 B1 B9 16 27 CE E1 68 E1 02 7B B6 70",
  "session id" : "DE 1D B1 59 08 FA BA 71 40 AC BF FA 84 82 0B 36 AB 61 65 E9 0C 37 E4 EC 79 D6 07 6C E4 9B E6 C5",
  "cipher suites" : "[TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D)]",
  "compression methods" : "00",
  "extensions" : [
    "server_name (0)": {
      type=host_name (0), value=www.google.com
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "status_request_v2 (17)": {
      "cert status request": {
        "certificate status type": ocsp_multi
        "OCSP status request": {
          "responder_id": <empty>
          "request extensions": {
            <empty>
          }
        }
      }
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [
        {
          "named group": secp256r1
          "key_exchange": {
            0000: 04 CE 12 71 2B CE 1F 20 25 9C 4E 23 79 D2 70 1A ...q+.. %.N#y.p.
            0010: 3E C3 3D 2D 24 DB 80 35 DD 9D 16 8A D8 17 2D 0E >.=-$..5......-.
            0020: 80 19 A2 57 E2 15 E2 FD 97 9C A6 25 8A D8 24 5B ...W.......%..$[
            0030: 0E 2B 8F D6 1B 77 FD 11 0B E1 80 4C 67 AF A6 B0 .+...w.....Lg...
            0040: FB
          }
        },
      ]
    },
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    }
  ]
}
)
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.776 IST|Alert.java:238|Received alert message (
"Alert": {
  "level" : "fatal",
  "description": "handshake_failure"
}

---------- BEGIN SOURCE ----------
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;

public class TestHTTPS {

public static void main(String[] args) {
try {
String urlStr = "https://www.google.com";
//String urlStr = "https://www.youtube.com";

System.setProperty("jdk.tls.client.protocols","TLSv1.3, TLSv1.2");

//System.setProperty("jdk.tls.client.enableStatusRequestExtension","true");
System.setProperty("jdk.tls.client.cipherSuites","TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384");

System.setProperty("javax.net.debug", "ssl:handshake");

URL url = new URL(urlStr);
URLConnection conn = url.openConnection();
InputStream inp = conn.getInputStream();
System.out.println("Connected:");
inp.close();
}
catch(Exception e) {
e.printStackTrace();
}

}
}

---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Upgrade to OpenJDK11. But I want to know if the issue can be fixed in the OpenJDK8

FREQUENCY : always

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

TestHTTPS.java
1 kB
2021-07-16 00:23

Issue Links

backport of

JDK-8235874 The ordering of Cipher Suites is not maintained provided through “jdk.tls.client.cipherSuites” and “jdk.tls.server.cipherSuites” system property.

Resolved

relates to

JDK-8241360 BoringSSL rejects JSSE TLS 1.3 https connections when status_request extension is disabled

Open

SSL Handshake fails for some sites (google.com) when TLSv1.3 is enabled

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates