JDK-8311644

Server should not send bad_certificate alert when the client does not send any certificates


Details

    • Type: Bug
    • Resolution: Fixed
    • Priority: P3
    • Fix Version: 23
    • Affects Versions: 8, 11, 17, 20, 21, 22
    • Component: security-libs

    Description

      Currently when the server needs client authentication and the client does not produce any certificates, the connection is aborted with "bad_certificate" alert.

      I checked the TLS1.0-1.3 specs; 1.0-1.2 recommend handshake_failure, and 1.3 recommends certificate_required alert.

      Additionally, [TLS1.3]:
      If the server supplies an empty Certificate message, the client MUST abort the handshake with a "decode_error" alert.

            People

              ascarpino Anthony Scarpino
              djelinski Daniel Jelinski