JDK-8239594

jdk.tls.client.protocols is not respected

    Details

    • Resolved In Build: b19
    • Verification: Verified

      Description

      ADDITIONAL SYSTEM INFORMATION :
      Tested in OpenJDK 13 and also 11.0.6+10.

      A DESCRIPTION OF THE PROBLEM :
      According to https://www.java.com/en/configure_crypto.html setting the system property jdk.tls.client.protocols should "enable specific TLS protocols on the client, specify them in a comma-separated list within quotation marks; all other supported protocols are then disabled on the client".
      But this is not the case.
      The property is evaluated according to a breakpoint I set, but it has no effect.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Start JShell and execute:

      System.setProperty("javax.net.debug", "ssl:handshake:verbose")
      System.setProperty("jdk.tls.client.protocols", "TLSv1.2")
      java.net.http.HttpClient.newBuilder().build().send(java.net.http.HttpRequest.newBuilder(new java.net.URI("https://tls1.3speaking.url")).GET().build(), java.net.http.HttpResponse.BodyHandlers.ofString()).body()


      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      TLS1.2 being used
      ACTUAL -
      javax.net.ssl|DEBUG|1A|HttpClient-6-Worker-0|2020-02-14 14:24:03.229 CET|ClientHello.java:653|Produced ClientHello handshake message (
      "ClientHello": {
      ...
          "supported_versions (43)": {
            "versions": [TLSv1.3, TLSv1.2]
          },
      ...
      javax.net.ssl|DEBUG|1A|HttpClient-6-Worker-0|2020-02-14 14:24:03.245 CET|ServerHello.java:871|Consuming ServerHello handshake message (
      "ServerHello": {
      ...
          "supported_versions (43)": {
            "selected version": [TLSv1.3]
      ...
      javax.net.ssl|DEBUG|1A|HttpClient-6-Worker-0|2020-02-14 14:24:03.245 CET|ServerHello.java:967|Negotiated protocol version: TLSv1.3


      CUSTOMER SUBMITTED WORKAROUND :
      Disable TLS1.3 completely in the runtime using jdk.tls.disabledAlgorithms in conf/security/java.security mentioned on the same page.

      FREQUENCY : always
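
A way to check a captured javax.net.debug trace against the intended jdk.tls.client.protocols value, so a mismatch like the one reported above is caught automatically. This is an added example, not part of the original report or of the JDK; the function names are hypothetical, and the sample log is constructed from the abbreviated lines quoted in the report, whose format it assumes.

```python
import re

# Constructed sample: abbreviated javax.net.debug output in the shape quoted in the report.
SAMPLE_LOG = '''\
javax.net.ssl|DEBUG|1A|HttpClient-6-Worker-0|2020-02-14 14:24:03.229 CET|ClientHello.java:653|Produced ClientHello handshake message (
"ClientHello": {
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2]
    },
javax.net.ssl|DEBUG|1A|HttpClient-6-Worker-0|2020-02-14 14:24:03.245 CET|ServerHello.java:967|Negotiated protocol version: TLSv1.3
'''

# "versions" only appears in the ClientHello supported_versions extension;
# the ServerHello uses "selected version", so this matches what the client offered.
OFFERED_RE = re.compile(r'"versions":\s*\[([^\]]*)\]')
NEGOTIATED_RE = re.compile(r'Negotiated protocol version:\s*(\S+)')


def parse_allowed(prop):
    """Split a jdk.tls.client.protocols value (comma-separated, optionally quoted)."""
    return {p.strip() for p in prop.strip().strip('"').split(',') if p.strip()}


def audit(log_text, allowed_prop):
    """Return (line number, kind, versions) for every offer or negotiation
    that falls outside the configured allow-list."""
    allowed = parse_allowed(allowed_prop)
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = OFFERED_RE.search(line)
        if m:
            offered = [v.strip() for v in m.group(1).split(',') if v.strip()]
            extra = [v for v in offered if v not in allowed]
            if extra:
                findings.append((lineno, 'offered', extra))
        m = NEGOTIATED_RE.search(line)
        if m and m.group(1) not in allowed:
            findings.append((lineno, 'negotiated', [m.group(1)]))
    return findings


if __name__ == '__main__':
    for lineno, kind, versions in audit(SAMPLE_LOG, 'TLSv1.2'):
        print(f'line {lineno}: {kind} outside allow-list: {", ".join(versions)}')
```
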


        Attachments

        1. google-jdk11.txt (20 kB)
        2. google-jdk13.txt (25 kB)
        3. Main.java (1 kB)


              People

              • Assignee: Rahul Yadav (ryadav)
              • Reporter: Webbug Group (webbuggrp)