If it’s an alert from the server it’s not your Java program which „spots the unusual extension“. It’s more like your custom extensions sent are not correct to the servers interpretation. Did you maybe hardcode signatures or such?
Gruss
Bernd
--
http://bernd.eckenfels.net
Von: Filip Petr. <filipakanat...@gmail.com>
Gesendet: Freitag, September 1, 2023 10:42 AM
An: security-dev@openjdk.org <security-dev@openjdk.org>; e...@zusammenkunft.net <e...@zusammenkunft.net>
Betreff: Re: Modification of Client hello TLS packet
Gesendet: Freitag, September 1, 2023 10:42 AM
An: security-dev@openjdk.org <security-dev@openjdk.org>; e...@zusammenkunft.net <e...@zusammenkunft.net>
Betreff: Re: Modification of Client hello TLS packet
The alerts I'm getting are coming from some random web server i'm hitting and i dont know its architecture. In this error traces I'm submitting it's www.google.com but it happens for every other domain I'm trying to hit. It seems that my java app and my client side program is glitching as it's spotting some unusual extensions that I additionally added. I want it to adapt so it doesn't throw errors on them but rather just send them in client hello and act as if nothing has happened unusual.
The ALPN extensions are matched according to Google Chrome's same ones that it's sending in ClientHello.
The traces errors are in following link: https://pastebin.com/raw/6qmeg85H
I appreciate all the help!
The ALPN extensions are matched according to Google Chrome's same ones that it's sending in ClientHello.
The traces errors are in following link: https://pastebin.com/raw/6qmeg85H
I appreciate all the help!
