Details
-
Type:
Sub-task
-
Status: Closed
-
Priority:
P4
-
Resolution: Delivered
-
Affects Version/s: 8u261, 11
-
Fix Version/s: 11
-
Component/s: security-libs
-
Labels:
-
Subcomponent:
-
Verification:Verified
Description
BoringSSL is an SSL library deployed on some popular websites such as those run by Google/YouTube. An interoperability issue with the BoringSSL library can lead to a connection failure if TLSv1.3 is presented as the only enabled protocol in the ClientHello message and the certificate status_request extension is disabled. Enabling the certificate status_request extension by setting the `jdk.tls.client.enableStatusRequestExtension` system property to `true` will provide mitigation in such scenarios.