On Wed, Dec 12, 2018 at 04:21:43PM -0600, David Benjamin wrote: > We have one more update for you all on TLS 1.3 deployment issues. Over the > course of deploying TLS 1.3 to Google servers, we found that JDK 11 > unfortunately implemented TLS 1.3 incorrectly. On resumption, it fails to > send the SNI extension. This means that the first connection from a JDK 11 > client will work, but subsequent ones fail. > https://bugs.openjdk.java.net/browse/JDK-8211806
I'm told that OpenSSL accidentally takes the SNI from the initial connection on resumption if there's no SNI in the resumption. This seems like a very good workaround for the buggy JDK 11 TLS 1.3 client, as it has no fingerprinting nor downgrade considerations. If the server rejects resumption I guess the client would still fail, but this is much better than failing at 100% of all resumptions and better than adding fingerprinting and downgrades. Nico -- _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
