Thanks, I've created it through bugreport.java.com (internal review ID:
9059057)

Regards,
Amir

On Tue, Jan 22, 2019 at 12:53 PM Xuelei Fan <xuelei....@oracle.com> wrote:

> On 1/21/2019 1:29 PM, Amir Khassaia wrote:
>
> Thanks Xuelei,
> Do you mean to create an RFE at openjdk https://bugs.openjdk.java.net/ ?
>
> Yes, if you have an OpenJDK account.  Otherwise, please use
> bugreport.java.com
>
> Thanks,
>
> Xuelei
>
>
>
> On Tue, Jan 22, 2019 at 5:02 AM Xuelei Fan <xuelei....@oracle.com> wrote:
>
>> Hi Amir,
>>
>> I can see the problem for incompatible impl.  Would you mind submitting an
>> OpenJDK enhancement for a workaround?
>>
>> Thanks & Regards,
>>
>> Xuelei
>> On 1/20/2019 4:10 PM, Amir Khassaia wrote:
>>
>> Xuelei,
>>
>> I have a sample socket client for the device TLS issue but it's not very
>> helpful, as any socket client created on top of the JDK will do. The last
>> problem was apparent only when talking to a specific hardware device which
>> refused to negotiate a TLS session (I've seen several odd TLS implementations
>> that were intolerant to Java changes in various ways over the years and
>> compatibility could always be assured through config changes, this time
>> around less so).
>>
>> Some of the hardware TLS stacks can range from small oddities to being
>> completely broken by small changes, as they can contain outdated and poorly
>> implemented TLS stacks that are very sensitive, so even a small change can
>> break them, and that's why it's always important to have levers provided to
>> control almost every aspect of the handshake.
>>
>> I have a sample in my gist (
>> https://gist.github.com/amir-khassaia/04347ca88526f4b958b3326968a905c0),
>> apologies, it's in Kotlin. When run with Java 8, 9, 10 there were no issues.
>> With Java 11 this worked on most devices, but I've had a device at a remote
>> location that was not in my control that I've had to diagnose the handshake
>> failure on. Using Java 11 it was intolerant to the TLS 1.2 client hello from
>> Java 11 but fine with TLS 1.1, as the new extensions are not present. It
>> would be fine with the TLS 1.2 client hello from Java 10 and earlier, as I
>> mentioned.
>>
>> Javax.net.debug output
>> -------------------------------
>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.395
>> AEDT|SSLCipher.java:437|jdk.tls.keyLimits:  entry = AES/GCM/NoPadding
>> KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
>> javax.net.ssl|WARNING|01|main|2019-01-08 13:40:14.433
>> AEDT|ServerNameExtension.java:255|Unable to indicate server name
>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.433
>> AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
>> server_name
>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.433
>> AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
>> status_request
>> javax.net.ssl|WARNING|01|main|2019-01-08 13:40:14.443
>> AEDT|SignatureScheme.java:282|Signature algorithm, ed25519, is not
>> supported by the underlying providers
>> javax.net.ssl|WARNING|01|main|2019-01-08 13:40:14.444
>> AEDT|SignatureScheme.java:282|Signature algorithm, ed448, is not supported
>> by the underlying providers
>> javax.net.ssl|INFO|01|main|2019-01-08 13:40:14.449
>> AEDT|AlpnExtension.java:161|No available application protocols
>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.449
>> AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
>> application_layer_protocol_negotiation
>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.450
>> AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
>> status_request_v2
>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.453
>> AEDT|ClientHello.java:651|Produced ClientHello handshake message (
>> "ClientHello": {
>>   "client version"      : "TLSv1.2",
>>   "random"              : "1A BA E8 FC 59 00 AB DF 9A 1A 07 94 24 7F 34
>> 3D 0B D2 7D 10 72 52 54 CD 44 43 62 E8 8B 42 C6 68",
>>   "session id"          : "",
>>   "cipher suites"       :
>> "[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023),
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
>> TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C),
>> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029),
>> TLS_RSA_WITH_AES_128_CBC_SHA(0x002F)]",
>>   "compression methods" : "00",
>>   "extensions"          : [
>>     "supported_groups (10)": {
>>       "versions": [secp256r1, secp384r1, secp521r1, secp160k1]
>>     },
>>     "ec_point_formats (11)": {
>>       "formats": [uncompressed]
>>     },
>>     "signature_algorithms (13)": {
>>       "signature schemes": [ecdsa_secp256r1_sha256,
>> ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256,
>> rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256,
>> rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384,
>> rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224,
>> ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1, rsa_md5]
>>     },
>>     "signature_algorithms_cert (50)": {
>>       "signature schemes": [ecdsa_secp256r1_sha256,
>> ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256,
>> rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256,
>> rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384,
>> rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224,
>> ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1, rsa_md5]
>>     },
>>     "extended_master_secret (23)": {
>>       <empty>
>>     },
>>     "supported_versions (43)": {
>>       "versions": [TLSv1.2, TLSv1.1]
>>     },
>>     "renegotiation_info (65,281)": {
>>       "renegotiated connection": [<no renegotiated connection>]
>>     }
>>   ]
>> }
>> )
>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.455
>> AEDT|Alert.java:232|Received alert message (
>> "Alert": {
>>   "level"      : "fatal",
>>   "description": "handshake_failure"
>> }
>> )
>> javax.net.ssl|ERROR|01|main|2019-01-08 13:40:14.456
>> AEDT|TransportContext.java:313|Fatal (HANDSHAKE_FAILURE): Received fatal
>> alert: handshake_failure (
>> "throwable" : {
>>   javax.net.ssl.SSLHandshakeException: Received fatal alert:
>> handshake_failure
>>   at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
>>   at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
>>   at
>> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
>>   at
>> java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)
>>   at
>> java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
>>   at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
>>   at
>> java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
>>   at
>> java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
>>   at
>> java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
>>   at SslSocketClient.main(SslSocketClient.kt:47)}
>>
>> )
>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.457
>> AEDT|SSLSocketImpl.java:1361|close the underlying socket
>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.457
>> AEDT|SSLSocketImpl.java:1380|close the SSL connection (initiative)
>> Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received
>> fatal alert: handshake_failure
>> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
>> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
>> at
>> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
>> at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)
>> at
>> java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
>> at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
>> at
>> java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
>> at
>> java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
>> at
>> java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
>> at SslSocketClient.main(SslSocketClient.kt:47)
>>
>>
>>
>>
>> Wireshark TLS 1.2 Java 8 client hello
>> -------------------------------------------------
>> Secure Sockets Layer
>>     TLSv1.2 Record Layer: Handshake Protocol: Client Hello
>>         Content Type: Handshake (22)
>>         Version: TLS 1.2 (0x0303)
>>         Length: 157
>>         Handshake Protocol: Client Hello
>>             Handshake Type: Client Hello (1)
>>             Length: 153
>>             Version: TLS 1.2 (0x0303)
>>             Random: 5c34044c709feae39585e4db8e41b0170fbf9fa428b38941...
>>                 GMT Unix Time: Jan  8, 2019 13:00:44.000000000 AUS
>> Eastern Daylight Time
>>                 Random Bytes:
>> 709feae39585e4db8e41b0170fbf9fa428b38941983ddb53...
>>             Session ID Length: 0
>>             Cipher Suites Length: 44
>>             Cipher Suites (22 suites)
>>                 Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
>> (0xc023)
>>                 Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>> (0xc027)
>>                 Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
>>                 Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
>> (0xc025)
>>                 Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
>> (0xc029)
>>                 Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
>>                 Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
>>                 Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
>> (0xc009)
>>                 Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
>>                 Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
>>                 Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
>>                 Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
>>                 Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
>>                 Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
>>                 Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
>> (0xc02b)
>>                 Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>> (0xc02f)
>>                 Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
>>                 Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
>> (0xc02d)
>>                 Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
>> (0xc031)
>>                 Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
>>                 Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
>>                 Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
>>             Compression Methods Length: 1
>>             Compression Methods (1 method)
>>                 Compression Method: null (0)
>>             Extensions Length: 68
>>             Extension: supported_groups (len=22)
>>                 Type: supported_groups (10)
>>                 Length: 22
>>                 Supported Groups List Length: 20
>>                 Supported Groups (10 groups)
>>                     Supported Group: secp256r1 (0x0017)
>>                     Supported Group: secp384r1 (0x0018)
>>                     Supported Group: secp521r1 (0x0019)
>>                     Supported Group: sect283k1 (0x0009)
>>                     Supported Group: sect283r1 (0x000a)
>>                     Supported Group: sect409k1 (0x000b)
>>                     Supported Group: sect409r1 (0x000c)
>>                     Supported Group: sect571k1 (0x000d)
>>                     Supported Group: sect571r1 (0x000e)
>>                     Supported Group: secp256k1 (0x0016)
>>             Extension: ec_point_formats (len=2)
>>                 Type: ec_point_formats (11)
>>                 Length: 2
>>                 EC point formats Length: 1
>>                 Elliptic curves point formats (1)
>>                     EC point format: uncompressed (0)
>>             Extension: signature_algorithms (len=28)
>>                 Type: signature_algorithms (13)
>>                 Length: 28
>>                 Signature Hash Algorithms Length: 26
>>                 Signature Hash Algorithms (13 algorithms)
>>                     Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
>>                         Signature Hash Algorithm Hash: SHA512 (6)
>>                         Signature Hash Algorithm Signature: ECDSA (3)
>>                     Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
>>                         Signature Hash Algorithm Hash: SHA512 (6)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>                     Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
>>                         Signature Hash Algorithm Hash: SHA384 (5)
>>                         Signature Hash Algorithm Signature: ECDSA (3)
>>                     Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
>>                         Signature Hash Algorithm Hash: SHA384 (5)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>                     Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
>>                         Signature Hash Algorithm Hash: SHA256 (4)
>>                         Signature Hash Algorithm Signature: ECDSA (3)
>>                     Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
>>                         Signature Hash Algorithm Hash: SHA256 (4)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>                     Signature Algorithm: SHA256 DSA (0x0402)
>>                         Signature Hash Algorithm Hash: SHA256 (4)
>>                         Signature Hash Algorithm Signature: DSA (2)
>>                     Signature Algorithm: SHA224 ECDSA (0x0303)
>>                         Signature Hash Algorithm Hash: SHA224 (3)
>>                         Signature Hash Algorithm Signature: ECDSA (3)
>>                     Signature Algorithm: SHA224 RSA (0x0301)
>>                         Signature Hash Algorithm Hash: SHA224 (3)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>                     Signature Algorithm: SHA224 DSA (0x0302)
>>                         Signature Hash Algorithm Hash: SHA224 (3)
>>                         Signature Hash Algorithm Signature: DSA (2)
>>                     Signature Algorithm: ecdsa_sha1 (0x0203)
>>                         Signature Hash Algorithm Hash: SHA1 (2)
>>                         Signature Hash Algorithm Signature: ECDSA (3)
>>                     Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
>>                         Signature Hash Algorithm Hash: SHA1 (2)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>                     Signature Algorithm: SHA1 DSA (0x0202)
>>                         Signature Hash Algorithm Hash: SHA1 (2)
>>                         Signature Hash Algorithm Signature: DSA (2)
>>             Extension: extended_master_secret (len=0)
>>                 Type: extended_master_secret (23)
>>                 Length: 0
>>
>>
>>
>> Wireshark Java 11 TLS 1.2 Client hello
>> ----------------------------------------------------
>> Secure Sockets Layer
>>     TLSv1.2 Record Layer: Handshake Protocol: Client Hello
>>         Content Type: Handshake (22)
>>         Version: TLS 1.2 (0x0303)
>>         Length: 185
>>         Handshake Protocol: Client Hello
>>             Handshake Type: Client Hello (1)
>>             Length: 181
>>             Version: TLS 1.2 (0x0303)
>>             Random: 37f32691301b6b9d45bb62c6268915819881b8ebd95f152c...
>>                 GMT Unix Time: Sep 30, 1999 19:00:01.000000000 AUS
>> Eastern Standard Time
>>                 Random Bytes:
>> 301b6b9d45bb62c6268915819881b8ebd95f152c41c7e483...
>>             Session ID Length: 0
>>             Cipher Suites Length: 10
>>             Cipher Suites (5 suites)
>>                 Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
>> (0xc023)
>>                 Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>> (0xc027)
>>                 Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
>>                 Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
>> (0xc029)
>>                 Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
>>             Compression Methods Length: 1
>>             Compression Methods (1 method)
>>                 Compression Method: null (0)
>>             Extensions Length: 130
>>             Extension: supported_groups (len=10)
>>                 Type: supported_groups (10)
>>                 Length: 10
>>                 Supported Groups List Length: 8
>>                 Supported Groups (4 groups)
>>                     Supported Group: secp256r1 (0x0017)
>>                     Supported Group: secp384r1 (0x0018)
>>                     Supported Group: secp521r1 (0x0019)
>>                     Supported Group: secp160k1 (0x000f)
>>             Extension: ec_point_formats (len=2)
>>                 Type: ec_point_formats (11)
>>                 Length: 2
>>                 EC point formats Length: 1
>>                 Elliptic curves point formats (1)
>>                     EC point format: uncompressed (0)
>>             Extension: signature_algorithms (len=42)
>>                 Type: signature_algorithms (13)
>>                 Length: 42
>>                 Signature Hash Algorithms Length: 40
>>                 Signature Hash Algorithms (20 algorithms)
>>                     Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
>>                         Signature Hash Algorithm Hash: SHA256 (4)
>>                         Signature Hash Algorithm Signature: ECDSA (3)
>>                     Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
>>                         Signature Hash Algorithm Hash: SHA384 (5)
>>                         Signature Hash Algorithm Signature: ECDSA (3)
>>                     Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
>>                         Signature Hash Algorithm Hash: SHA512 (6)
>>                         Signature Hash Algorithm Signature: ECDSA (3)
>>                     Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
>>                         Signature Hash Algorithm Hash: Unknown (8)
>>                         Signature Hash Algorithm Signature: Unknown (4)
>>                     Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
>>                         Signature Hash Algorithm Hash: Unknown (8)
>>                         Signature Hash Algorithm Signature: Unknown (5)
>>                     Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
>>                         Signature Hash Algorithm Hash: Unknown (8)
>>                         Signature Hash Algorithm Signature: Unknown (6)
>>                     Signature Algorithm: rsa_pss_pss_sha256 (0x0809)
>>                         Signature Hash Algorithm Hash: Unknown (8)
>>                         Signature Hash Algorithm Signature: Unknown (9)
>>                     Signature Algorithm: rsa_pss_pss_sha384 (0x080a)
>>                         Signature Hash Algorithm Hash: Unknown (8)
>>                         Signature Hash Algorithm Signature: Unknown (10)
>>                     Signature Algorithm: rsa_pss_pss_sha512 (0x080b)
>>                         Signature Hash Algorithm Hash: Unknown (8)
>>                         Signature Hash Algorithm Signature: Unknown (11)
>>                     Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
>>                         Signature Hash Algorithm Hash: SHA256 (4)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>                     Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
>>                         Signature Hash Algorithm Hash: SHA384 (5)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>                     Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
>>                         Signature Hash Algorithm Hash: SHA512 (6)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>                     Signature Algorithm: SHA256 DSA (0x0402)
>>                         Signature Hash Algorithm Hash: SHA256 (4)
>>                         Signature Hash Algorithm Signature: DSA (2)
>>                     Signature Algorithm: SHA224 ECDSA (0x0303)
>>                         Signature Hash Algorithm Hash: SHA224 (3)
>>                         Signature Hash Algorithm Signature: ECDSA (3)
>>                     Signature Algorithm: SHA224 RSA (0x0301)
>>                         Signature Hash Algorithm Hash: SHA224 (3)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>                     Signature Algorithm: SHA224 DSA (0x0302)
>>                         Signature Hash Algorithm Hash: SHA224 (3)
>>                         Signature Hash Algorithm Signature: DSA (2)
>>                     Signature Algorithm: ecdsa_sha1 (0x0203)
>>                         Signature Hash Algorithm Hash: SHA1 (2)
>>                         Signature Hash Algorithm Signature: ECDSA (3)
>>                     Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
>>                         Signature Hash Algorithm Hash: SHA1 (2)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>                     Signature Algorithm: SHA1 DSA (0x0202)
>>                         Signature Hash Algorithm Hash: SHA1 (2)
>>                         Signature Hash Algorithm Signature: DSA (2)
>>                     Signature Algorithm: MD5 RSA (0x0101)
>>                         Signature Hash Algorithm Hash: MD5 (1)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>             Extension: signature_algorithms_cert (len=42)
>>                 Type: signature_algorithms_cert (50)
>>                 Length: 42
>>                 Signature Hash Algorithms Length: 40
>>                 Signature Hash Algorithms (20 algorithms)
>>                     Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
>>                         Signature Hash Algorithm Hash: SHA256 (4)
>>                         Signature Hash Algorithm Signature: ECDSA (3)
>>                     Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
>>                         Signature Hash Algorithm Hash: SHA384 (5)
>>                         Signature Hash Algorithm Signature: ECDSA (3)
>>                     Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
>>                         Signature Hash Algorithm Hash: SHA512 (6)
>>                         Signature Hash Algorithm Signature: ECDSA (3)
>>                     Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
>>                         Signature Hash Algorithm Hash: Unknown (8)
>>                         Signature Hash Algorithm Signature: Unknown (4)
>>                     Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
>>                         Signature Hash Algorithm Hash: Unknown (8)
>>                         Signature Hash Algorithm Signature: Unknown (5)
>>                     Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
>>                         Signature Hash Algorithm Hash: Unknown (8)
>>                         Signature Hash Algorithm Signature: Unknown (6)
>>                     Signature Algorithm: rsa_pss_pss_sha256 (0x0809)
>>                         Signature Hash Algorithm Hash: Unknown (8)
>>                         Signature Hash Algorithm Signature: Unknown (9)
>>                     Signature Algorithm: rsa_pss_pss_sha384 (0x080a)
>>                         Signature Hash Algorithm Hash: Unknown (8)
>>                         Signature Hash Algorithm Signature: Unknown (10)
>>                     Signature Algorithm: rsa_pss_pss_sha512 (0x080b)
>>                         Signature Hash Algorithm Hash: Unknown (8)
>>                         Signature Hash Algorithm Signature: Unknown (11)
>>                     Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
>>                         Signature Hash Algorithm Hash: SHA256 (4)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>                     Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
>>                         Signature Hash Algorithm Hash: SHA384 (5)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>                     Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
>>                         Signature Hash Algorithm Hash: SHA512 (6)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>                     Signature Algorithm: SHA256 DSA (0x0402)
>>                         Signature Hash Algorithm Hash: SHA256 (4)
>>                         Signature Hash Algorithm Signature: DSA (2)
>>                     Signature Algorithm: SHA224 ECDSA (0x0303)
>>                         Signature Hash Algorithm Hash: SHA224 (3)
>>                         Signature Hash Algorithm Signature: ECDSA (3)
>>                     Signature Algorithm: SHA224 RSA (0x0301)
>>                         Signature Hash Algorithm Hash: SHA224 (3)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>                     Signature Algorithm: SHA224 DSA (0x0302)
>>                         Signature Hash Algorithm Hash: SHA224 (3)
>>                         Signature Hash Algorithm Signature: DSA (2)
>>                     Signature Algorithm: ecdsa_sha1 (0x0203)
>>                         Signature Hash Algorithm Hash: SHA1 (2)
>>                         Signature Hash Algorithm Signature: ECDSA (3)
>>                     Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
>>                         Signature Hash Algorithm Hash: SHA1 (2)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>                     Signature Algorithm: SHA1 DSA (0x0202)
>>                         Signature Hash Algorithm Hash: SHA1 (2)
>>                         Signature Hash Algorithm Signature: DSA (2)
>>                     Signature Algorithm: MD5 RSA (0x0101)
>>                         Signature Hash Algorithm Hash: MD5 (1)
>>                         Signature Hash Algorithm Signature: RSA (1)
>>             Extension: extended_master_secret (len=0)
>>                 Type: extended_master_secret (23)
>>                 Length: 0
>>             Extension: supported_versions (len=5)
>>                 Type: supported_versions (43)
>>                 Length: 5
>>                 Supported Versions length: 4
>>                 Supported Version: TLS 1.2 (0x0303)
>>                 Supported Version: TLS 1.1 (0x0302)
>>             Extension: renegotiation_info (len=1)
>>                 Type: renegotiation_info (65281)
>>                 Length: 1
>>                 Renegotiation Info extension
>>                     Renegotiation info extension length: 0
>>
>>
>>
>>
>>
>>
>> On Mon, Jan 21, 2019 at 10:37 AM Xuelei Fan <xuelei....@oracle.com>
>> wrote:
>>
>>> Hi Amir,
>>>
>>> Normally, the extension should have no impact if it cannot be recognized
>>> by the server.   It's good to be able to disable extensions if not
>>> needed.   I need to evaluate the priority of it, though.  Do you have
>>> simple test code with which I can reproduce the issue?
>>>
>>> Thanks,
>>>
>>> Xuelei
>>> On 1/20/2019 3:03 PM, Amir Khassaia wrote:
>>>
>>> Greetings Xuelei,
>>> To follow up on this, the certificate in the connection is a red herring
>>> and not important. It's actually a very unusual behaviour by the
>>> talk.google.com endpoint to encapsulate an error message inside a
>>> certificate.
>>>
>>> As per the output I included:
>>>
>>> > "certificate" : {
>>> >      "version"            : "v3",
>>> >      "serial number"      : "00 90 76 89 18 E9 33 93 A0",
>>> >      "signature algorithm": "SHA256withRSA",
>>> >      "issuer"             : "CN=invalid2.invalid, OU="No SNI provided;
>>> > please fix your client."",
>>> >      "not before"         : "2015-01-01 11:00:00.000 AEDT",
>>> >      "not  after"         : "2030-01-01 11:00:00.000 AEDT",
>>> >      "subject"            : "CN=invalid2.invalid, OU="No SNI provided;
>>> > please fix your client."",
>>>
>>> This certificate simply masks the TLS interoperability issue as an
>>> untrusted certificate issue.
>>>
>>> The fact is, some of the extensions sent by JSSE are changes to TLS 1.2
>>> to support TLS 1.3. This, however, affects some clients adversely in practice,
>>> and usually the JDK provides properties to turn new enhancements off and work
>>> around such behaviour; for the extensions I mentioned this is not provided
>>> and hence they are always sent for client sockets unless TLSv1.2 is not in
>>> use.
>>>
>>> The impact to us is that upgrading to JDK 11 means that for some endpoints or
>>> devices that are not 100% compliant with the spec the security is reduced, as
>>> we now have to work around this by dropping connections to these to TLSv1.1 or
>>> TLS 1.0, or not move to Java 11 at all.
>>>
>>> My request is simply to have all of the new extensions configurable on an
>>> individual basis so that they can be turned off if needed for compatibility,
>>> just like most other security enhancements that were delivered in the past.
>>>
>>> It appears some of the issues can come from
>>>
>>> - inclusion of the RSASSA-PSS algorithms in TLS 1.2 handshakes, but these can
>>> be disabled at least
>>>
>>> - signature_algorithms_cert and supported_versions extensions, which seem
>>> to be hardcoded for TLS 1.2 (I was not able to conclusively identify which
>>> of these caused my troubles)
>>>
>>> https://tools.ietf.org/html/rfc8446#section-1.3 does say that TLS 1.2
>>> clients are affected, but in an optional manner. Just today I've encountered
>>> another Java 11 interop issue with TLS, but this time with a physical device,
>>> which can have a long shelf life; yet running a simple client socket
>>> handshake abruptly terminates the connection upon client hello (no
>>> server_hello at all), and downgrading the JRE below 11 works fine. I'm
>>> including a trace for that as well:
>>>
>>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.395
>>> AEDT|SSLCipher.java:437|jdk.tls.keyLimits:  entry = AES/GCM/NoPadding
>>> KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
>>>
>>> javax.net.ssl|WARNING|01|main|2019-01-08 13:40:14.433
>>> AEDT|ServerNameExtension.java:255|Unable to indicate server name
>>>
>>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.433
>>> AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
>>> server_name
>>>
>>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.433
>>> AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
>>> status_request
>>>
>>> javax.net.ssl|WARNING|01|main|2019-01-08 13:40:14.443
>>> AEDT|SignatureScheme.java:282|Signature algorithm, ed25519, is not
>>> supported by the underlying providers
>>>
>>> javax.net.ssl|WARNING|01|main|2019-01-08 13:40:14.444
>>> AEDT|SignatureScheme.java:282|Signature algorithm, ed448, is not supported
>>> by the underlying providers
>>>
>>> javax.net.ssl|INFO|01|main|2019-01-08 13:40:14.449
>>> AEDT|AlpnExtension.java:161|No available application protocols
>>>
>>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.449
>>> AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
>>> application_layer_protocol_negotiation
>>>
>>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.450
>>> AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
>>> status_request_v2
>>>
>>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.453
>>> AEDT|ClientHello.java:651|Produced ClientHello handshake message (
>>>
>>> "ClientHello": {
>>>
>>>   "client version"      : "TLSv1.2",
>>>
>>>   "random"              : "1A BA E8 FC 59 00 AB DF 9A 1A 07 94 24 7F 34
>>> 3D 0B D2 7D 10 72 52 54 CD 44 43 62 E8 8B 42 C6 68",
>>>
>>>   "session id"          : "",
>>>
>>>   "cipher suites"       :
>>> "[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023),
>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
>>> TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C),
>>> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029),
>>> TLS_RSA_WITH_AES_128_CBC_SHA(0x002F)]",
>>>
>>>   "compression methods" : "00",
>>>
>>>   "extensions"          : [
>>>
>>>     "supported_groups (10)": {
>>>
>>>       "versions": [secp256r1, secp384r1, secp521r1, secp160k1]
>>>
>>>     },
>>>
>>>     "ec_point_formats (11)": {
>>>
>>>       "formats": [uncompressed]
>>>
>>>     },
>>>
>>>     "signature_algorithms (13)": {
>>>
>>>       "signature schemes": [ecdsa_secp256r1_sha256,
>>> ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256,
>>> rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256,
>>> rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384,
>>> rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224,
>>> ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1, rsa_md5]
>>>
>>>     },
>>>
>>>     "signature_algorithms_cert (50)": {
>>>
>>>       "signature schemes": [ecdsa_secp256r1_sha256,
>>> ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256,
>>> rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256,
>>> rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384,
>>> rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224,
>>> ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1, rsa_md5]
>>>
>>>     },
>>>
>>>     "extended_master_secret (23)": {
>>>
>>>       <empty>
>>>
>>>     },
>>>
>>>     "supported_versions (43)": {
>>>
>>>       "versions": [TLSv1.2, TLSv1.1]
>>>
>>>     },
>>>
>>>     "renegotiation_info (65,281)": {
>>>
>>>       "renegotiated connection": [<no renegotiated connection>]
>>>
>>>     }
>>>
>>>   ]
>>>
>>> }
>>>
>>> )
>>>
>>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.455
>>> AEDT|Alert.java:232|Received alert message (
>>>
>>> "Alert": {
>>>
>>>   "level"      : "fatal",
>>>
>>>   "description": "handshake_failure"
>>>
>>> }
>>>
>>> )
>>>
>>> javax.net.ssl|ERROR|01|main|2019-01-08 13:40:14.456
>>> AEDT|TransportContext.java:313|Fatal (HANDSHAKE_FAILURE): Received fatal
>>> alert: handshake_failure (
>>>
>>> "throwable" : {
>>>
>>>   javax.net.ssl.SSLHandshakeException: Received fatal alert:
>>> handshake_failure
>>>
>>>     at
>>> java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
>>>
>>>     at
>>> java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
>>>
>>>     at
>>> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
>>>
>>>     at
>>> java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)
>>>
>>>     at
>>> java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
>>>
>>>     at
>>> java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
>>>
>>>     at
>>> java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
>>>
>>>     at
>>> java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
>>>
>>>     at
>>> java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
>>>
>>>     at SslSocketClient.main(SslSocketClient.kt:47)}
>>>
>>>
>>> )
>>>
>>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.457
>>> AEDT|SSLSocketImpl.java:1361|close the underlying socket
>>>
>>> javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.457
>>> AEDT|SSLSocketImpl.java:1380|close the SSL connection (initiative)
>>>
>>> Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received
>>> fatal alert: handshake_failure
>>>
>>>   at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
>>>
>>>   at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
>>>
>>>   at
>>> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
>>>
>>>   at
>>> java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)
>>>
>>>   at
>>> java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
>>>
>>>   at
>>> java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
>>>
>>>   at
>>> java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
>>>
>>>   at
>>> java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
>>>
>>>   at
>>> java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
>>>
>>>   at SslSocketClient.main(SslSocketClient.kt:47)
>>>
>>>
>>>
>>>
>>> I sent my reply earlier but it was neither posted nor rejected with a
>>> notification, so I'm trying again.
>>>
>>>
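As an added example that is not from the thread or the JDK, a small Python parser for the javax.net.ssl debug format quoted above: it pulls out the ClientHello extensions with their type ids, the versions offered in supported_versions and the fatal alert, and flags the extensions that only exist since TLS 1.3, which is what a TLSv1.1 hello from the same JDK would lack. SAMPLE_LOG is a constructed abbreviation of the quoted log with each record header on one line (the mail archive wrapped them).

```python
"""Summarise a JDK 11 javax.net.ssl debug log like the one quoted above. Added
example, not code from the thread; SAMPLE_LOG is a constructed, shortened copy."""
import re
SAMPLE_LOG = """\
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.453 AEDT|ClientHello.java:651|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "extensions"          : [
    "supported_versions (43)": {
      "versions": [TLSv1.2, TLSv1.1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256]
    }
  ]
}
)
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.455 AEDT|Alert.java:232|Received alert message (
"Alert": {
  "level"      : "fatal",
  "description": "handshake_failure"
}
)
"""
# Extension types first defined by TLS 1.3 (RFC 8446, 4.2); a TLSv1.1 hello has none.
TLS13_EXTENSIONS = {41, 42, 43, 44, 45, 47, 48, 49, 50, 51}
# Record header: javax.net.ssl|LEVEL|id|thread|timestamp|Source.java:line|message
HEADER = re.compile(r"^javax\.net\.ssl\|(\w+)\|[^|]*\|[^|]*\|[^|]*\|([^|]*)\|(.*)$")
EXTENSION = re.compile(r'^\s*"(\w+) \(([\d,]+)\)": \{')   # "name (type)": {
FIELD = re.compile(r'^\s*"([^"]+)"\s*:\s*"([^"]*)"')        # "key" : "value"
def summarize_handshake(log):
    """Return client version, {extension: type}, offered versions, alert fields, TLS 1.3-era extensions."""
    out = {"client_version": None, "extensions": {}, "offered": [], "alert": {}}
    section, current = None, None   # record being read, extension being read
    for line in log.splitlines():
        if (m := HEADER.match(line)):
            section = ("hello" if m.group(3).startswith("Produced ClientHello")
                       else "alert" if m.group(3).startswith("Received alert") else None)
        elif section == "hello":
            if (m := EXTENSION.match(line)):
                current = m.group(1)
                out["extensions"][current] = int(m.group(2).replace(",", ""))  # 65,281 -> 65281
            elif (m := FIELD.match(line)) and m.group(1) == "client version":
                out["client_version"] = m.group(2)
            elif current == "supported_versions" and '"versions"' in line:
                out["offered"] = re.findall(r"TLSv[\d.]+", line)
        elif section == "alert" and (m := FIELD.match(line)):
            out["alert"][m.group(1)] = m.group(2)
    out["tls13_era"] = sorted(n for n, t in out["extensions"].items() if t in TLS13_EXTENSIONS)
    return out
```

Run against a full log captured with -Djavax.net.debug=ssl:handshake, the tls13_era list is the first thing to compare between a JDK that a device accepts and one it rejects.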