[JDK-8244655] Release Note: BoringSSL Rejects JSSE TLS 1.3 HTTPS Connections When status_request Extension Is Disabled - Java Bug System

XML

Word

Printable

Details

Type: Sub-task
Status: Closed
Priority: P4
Resolution: Delivered
Affects Version/s: 8u261, 11
Fix Version/s: 11
Component/s: security-libs
Labels:
- RN-KnownIssue
- release-note

Subcomponent:
javax.net.ssl
Verification:
Verified

Description

BoringSSL is an SSL library deployed on some popular websites such as those run by Google/YouTube. An interoperability issue with the BoringSSL library can lead to a connection failure if TLSv1.3 is presented as the only enabled protocol in the ClientHello message and the certificate status_request extension is disabled. Enabling the certificate status_request extension by setting the `jdk.tls.client.enableStatusRequestExtension` system property to `true` will provide mitigation in such scenarios.

Attachments

Activity

People

Assignee:: Prasadarao Koppula

Reporter:: Prasadarao Koppula

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2020-05-08 07:07

Updated:: 2021-12-02 09:21

Resolved:: 2020-08-05 10:09