Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8209982

SSL handshake fails on an (apparently) correct certificate, working in jdk10

    Details

    • Subcomponent:
    • Introduced In Version:
      11
    • CPU:
      x86_64
    • OS:
      linux

      Description

      ADDITIONAL SYSTEM INFORMATION :
      Tested in windows 10 and linux

      A DESCRIPTION OF THE PROBLEM :
      This handshake fails with message "extension (10) should not be presented in server_hello"

              URL obj = new URL("https://sis.redsys.es/sis/realizarPago");
              HttpURLConnection con = (HttpURLConnection) obj.openConnection();
              con.setRequestMethod("GET");
              int responseCode = con.getResponseCode();

      It was working in jdk 10 or previous. This URL also works in any browser.

      Tested in Jdk11 EA and latest release candidate (28)

      REGRESSION : Last worked in version 10.0.2

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Execute
              HttpURLConnection con = (HttpURLConnection) new URL("https://sis.redsys.es/sis/realizarPago").openConnection();
              con.setRequestMethod("GET");
              int responseCode = con.getResponseCode();

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      responseCode should be 200, no certificate errors
      ACTUAL -
      An error is thrown:

      extension (10) should not be presented in server_hello
      javax.net.ssl.SSLHandshakeException: extension (10) should not be presented in server_hello
      at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
      at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
      at java.base/sun.security.ssl.SSLExtensions.<init>(SSLExtensions.java:71)
      at java.base/sun.security.ssl.ServerHello$ServerHelloMessage.<init>(ServerHello.java:173)
      at java.base/sun.security.ssl.ServerHello$ServerHelloConsumer.consume(ServerHello.java:864)
      at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
      at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
      at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
      at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178)
      at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
      at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
      at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
      at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
      at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
      at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
      at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1581)
      at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1509)
      at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527)
      at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:329)

      ---------- BEGIN SOURCE ----------
      package com.test;

      import java.net.HttpURLConnection;
      import java.net.URL;

      public class HandshakeFail {

          public static void main(String[] args) throws Exception {
              HttpURLConnection con = (HttpURLConnection) new URL("https://sis.redsys.es/sis/realizarPago").openConnection();
              con.setRequestMethod("GET");
              int responseCode = con.getResponseCode();
          }
      }

      ---------- END SOURCE ----------

      FREQUENCY : always


        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                xuelei Xue-Lei Fan
                Reporter:
                webbuggrp Webbug Group
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: