Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8220564

SNI Extension not included in TLS1.3 ClientHello

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P4
    • Resolution: Duplicate
    • Affects Version/s: 11
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:

      Description

      ADDITIONAL SYSTEM INFORMATION :
      {{openjdk version "11" 2018-09-25}}
      {{OpenJDK Runtime Environment 18.9 (build 11+28)}}
      {{OpenJDK 64-Bit Server VM 18.9 (build 11+28, mixed mode)}}

      But the behavior is also present on macOS

      A DESCRIPTION OF THE PROBLEM :
      I am experiencing a similar issue to JDK-8211806. I've uploaded the relevant part of a connection made with {{-Djavax.net.debug=ssl}} here: https://gist.github.com/UsmannK/94c7d360637b1a5534389e1326882133. Similar to the cited issue I see:

      {{javax.net.ssl|DEBUG|2B|Keep-Alive-Timer|2018-11-12 13:48:29.580 PST|SSLSocketImpl.java:1380|close the SSL connection (passive)}}
      {{javax.net.ssl|DEBUG|01|main|2018-11-12 13:48:29.593 PST|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=www.googleapis.com) was replaced with (type=host_name (0), value=www.googleapis.com)}}

      Followed eventually by
      {{javax.net.ssl|WARNING|01|main|2018-11-12 13:48:29.595 PST|ServerNameExtension.java:255|Unable to indicate server name}}

      And a ClientHello that, using TLSv1.2, advertises TLSv1.3 as a supported version but does not include an SNI extension. In response, Google agrees, using TLSv1.2, to select 1.3 then immediately follows up with a dummy cert that has an error saying we did not specify SNI.

      Of note is that this is immediately after a previous successful connection, so I think it is a connection resume like in the linked bug. That part I'm unsure about.

      REGRESSION : Last worked in version 8u181


      FREQUENCY : often


        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                psonal Pallavi Sonal
                Reporter:
                webbuggrp Webbug Group
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: