Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 23
Affects Version/s: 8, 11, 17, 20, 21, 22
Component/s: security-libs
Labels:

Subcomponent:
javax.net.ssl
Resolved In Build:
b12
Verification:
Verified

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8365440	21.0.9	Goetz Lindenmaier	P3	Resolved	Fixed	b04

Currently when the server needs client authentication and the client does not produce any certificates, the connection is aborted with "bad_certificate" alert.

I checked the TLS1.0-1.3 specs; 1.0-1.2 recommend handshake_failure, and 1.3 recommends certificate_required alert.

Additionally, [TLS1.3]:
If the server supplies an empty Certificate message, the client MUST abort the handshake with a "decode_error" alert.

backported by

JDK-8365440 Server should not send bad_certificate alert when the client does not send any certificates

Resolved

causes

JDK-8326705 Test CertMsgCheck.java fails to find alert certificate_required

Closed

duplicates

JDK-8325079 Alerts on client auth may not conform to the RFCs

Closed

relates to

JDK-8326699 Problemlist CertMsgCheck.java

Resolved

links to

Commit openjdk/jdk/f62b5789

Commit(master) openjdk/jdk21u-dev/af098597

Review openjdk/jdk/17717

Review(master) openjdk/jdk21u-dev/932

Review(master) openjdk/jdk21u-dev/2069

(4 links to)

Assignee:: Anthony Scarpino

Reporter:: Daniel Jelinski

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2023-07-07 03:45

Updated:: 2025-08-13 01:55

Resolved:: 2024-02-26 08:51

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates