Hi,

I am not sure whether a bug has already been opened, but I found an error in the SSL socket handling. If the SSL client socket has SSLv3-TLSv1.2 enabled and the server selects SSLv3, the client later sends an "RSA ClientKeyExchange" with version TLSv1.2. I have added the relevant parts of the debug log. If no bug has been opened yet, I can provide a sample with client/server that demonstrates the bug
and could maybe be used for regression tests.

Regards, Thomas Lußnig


2018-12-10T12:16:41.666 javax.net.ssl|DEBUG|15|https://fqdn/path)|2018-12-10 12:16:41.666 CET|ClientHello.java:651|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "90 B4 FF B0 8E C8 FA 3F D8 15 A3 73 13 78 38 D5 3A FB 49 68 28 ED B1 95 3C 3E 24 0C DD 64 A2 95",
  "session id"          : "",
  "cipher suites"       : "[SSL_RSA_WITH_3DES_EDE_CBC_SHA(0x000A), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
  "compression methods" : "00",
  ...

2018-12-10T12:16:41.688 javax.net.ssl|DEBUG|15|https://fqdn/path)|2018-12-10 12:16:41.688 CET|ServerHello.java:866|Consuming ServerHello handshake message (
"ServerHello": {
  "server version"      : "SSLv3",
  "random"              : "5C 37 37 A9 EA DD D7 67 28 15 D3 DF 5F 3F 13 E2 34 88 93 67 16 FD 4F 76 A6 08 11 BE 36 E3 B4 26",
  "session id"          : "1D 5F B9 F7 EC DE 8E D9 38 52 AB FF 04 A1 24 1D",
  "cipher suite"        : "SSL_RSA_WITH_3DES_EDE_CBC_SHA(0x000A)",
  "compression methods" : "00",
  "extensions"          : [
    <no extension>
  ]
}
)

2018-12-10T12:16:41.699 javax.net.ssl|DEBUG|15|https://fqdn/path)|2018-12-10 12:16:41.699 CET|CertificateMessage.java:358|Consuming server Certificate handshake message (
"Certificates": [
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "02 6F D4 BA 63 70 2F 13 00 91 5D E4",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=VR IDENT CLASS 3 CA 2010, OU=VR IDENT, O=GAD EG, C=DE",
    "not before"         : "2017-07-20 01:33:58.000 CEST",
    ...

2018-12-10T12:16:41.854 javax.net.ssl|DEBUG|15|https://fqdn/path)|2018-12-10 12:16:41.853 CET|X509TrustManagerImpl.java:242|Found trusted certificate (
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "02 6F D4 BA 63 70 2F 13 00 91 5D E4",
    ...

2018-12-10T12:16:41.856 javax.net.ssl|DEBUG|15|https://fqdn/path)|2018-12-10 12:16:41.856 CET|RSAClientKeyExchange.java:195|Produced RSA ClientKeyExchange handshake message (
"RSA ClientKeyExchange": {
  "client_version":  TLSv1.2
  "encncrypted": {
    0000: 52 2E C4 EB 8C 65 06 77   47 5D 9E 10 56 95 8A 6E R....e.wG]..V..n
    0010: 03 D0 70 8D 73 51 93 F7   8B F7 73 55 25 AC E4 0C ..p.sQ....sU%...
    0020: 34 68 26 01 E0 40 64 B5   82 C6 1C 7C 04 81 E3 15 4h&..@d.........
    ...
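
Added example, not part of the original message or of the JDK: a small Python parser that pulls the version fields out of a JSSE debug log like the one above, so the ClientHello, ServerHello and RSA ClientKeyExchange versions can be compared per handshake. The function names and the shortened sample log are constructed for illustration, and grouping records by the thread-id column is an assumption about the log layout.

```python
import re

# Header of a JSSE debug record as it appears in the log above:
# javax.net.ssl|LEVEL|thread-id|thread-name|time|Source.java:line|message
HEADER = re.compile(r'javax\.net\.ssl\|[A-Z]+\|(\w+)\|.*\|(\w+\.java):\d+\|')
# Version fields in the record bodies; client_version is unquoted in the log.
FIELD = re.compile(
    r'"(client version|server version|client_version)"\s*:\s*"?([\w.]+)"?')
KEY = {"client version": "offered", "server version": "selected",
       "client_version": "cke"}

def handshake_versions(log_text):
    """Return one dict per handshake with the versions seen in ClientHello,
    ServerHello and RSA ClientKeyExchange, grouped by thread id."""
    done, open_by_thread, current = [], {}, None
    for line in log_text.splitlines():
        h = HEADER.search(line)
        if h:
            thread, source = h.groups()
            if source == "ClientHello.java":   # a new handshake starts here
                open_by_thread[thread] = {"thread": thread}
                done.append(open_by_thread[thread])
            current = open_by_thread.get(thread)
            continue
        f = FIELD.search(line)
        if f and current is not None:
            current.setdefault(KEY[f.group(1)], f.group(2))
    return done

def compare(hs):
    """Compare the ClientKeyExchange version with the offered and selected ones."""
    cke = hs.get("cke")
    return {"cke_equals_offered": cke is not None and cke == hs.get("offered"),
            "cke_equals_selected": cke is not None and cke == hs.get("selected")}

# Constructed sample, shortened from the records in the message above.
SAMPLE = '''\
javax.net.ssl|DEBUG|15|main|2018-12-10 12:16:41.666 CET|ClientHello.java:651|Produced ClientHello handshake message (
  "client version"      : "TLSv1.2",
javax.net.ssl|DEBUG|15|main|2018-12-10 12:16:41.688 CET|ServerHello.java:866|Consuming ServerHello handshake message (
  "server version"      : "SSLv3",
javax.net.ssl|DEBUG|15|main|2018-12-10 12:16:41.856 CET|RSAClientKeyExchange.java:195|Produced RSA ClientKeyExchange handshake message (
  "client_version":  TLSv1.2
'''

if __name__ == "__main__":
    for hs in handshake_versions(SAMPLE):
        print(hs, compare(hs))
```

For reference when reading the result: RFC 5246, section 7.4.7.1, defines `client_version` in the RSA-encrypted premaster secret as the version offered in the ClientHello, used to detect version rollback.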

