anyone have any info on this? On 7/31/19 5:46 PM, PGNet Dev wrote:
Although JDK 11 already contains TLSv1.3 protocol support.TLS 1.3 Implementation https://bugs.openjdk.java.net/browse/JDK-8202625 JDK-8145252 : JEP 332: Transport Layer Security (TLS) 1.3 https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8145252 and, 'related' bugs suggest ChaCha20 cipher support is 'in', JDK-8153029 : ChaCha20 Cipher Implementation (11 b17, "Fixed") https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8140466 JDK-8140466 : ChaCha20 and Poly1305 TLS Cipher Suites https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8140466 (12 b12, "Fixed") TLSv1.3 connections via JDBC, using TSLv1.3 + its ChaCha20 cipher FAILed here, Error: Unsupported SSL cipher 'TLS_CHACHA20_POLY1305_SHA256' It appears that JDK 11 release supports only 2 of the 3 default TLSv1.3 ciphersuites, https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names ... 0x13,0x01 TLS_AES_128_GCM_SHA256 Yes No N/A TLSv1.3 RFC 8446 0x13,0x02 TLS_AES_256_GCM_SHA384 Yes No N/A TLSv1.3 RFC 8446 ... JDK12 adds ChaCha20 support, https://docs.oracle.com/en/java/javase/12/docs/specs/security/standard-names.html#jsse-cipher-suite-names ... 0x13,0x01 TLS_AES_128_GCM_SHA256 Yes No N/A TLSv1.3 RFC 8446 0x13,0x02 TLS_AES_256_GCM_SHA384 Yes No N/A TLSv1.3 RFC 84460x13,0x03 TLS_CHACHA20_POLY1305_SHA256 No No N/A TLSv1.3 RFC 7905... TLSv1.2/ChaCha20 connections with BOTH JDK 11 & 12 clients work. ONLY, TLSv1.3/ChaCha20 connections with JDK 12 client work without error. Is there a current plan/work to backport TLSv1.3/ChaCha20 support to JDK 11 LTS so it, too, can provide 'full' TLSv1.3 ciphersuite support?
