Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8241360 BoringSSL rejects JSSE TLS 1.3 https connections when status_request extension is disabled
  3. JDK-8244655

Release Note: BoringSSL Rejects JSSE TLS 1.3 HTTPS Connections When status_request Extension Is Disabled

    XMLWordPrintable

    Details

      Description

      BoringSSL is an SSL library deployed on some popular websites such as those run by Google/YouTube. An interoperability issue with the BoringSSL library can lead to a connection failure if TLSv1.3 is presented as the only enabled protocol in the ClientHello message and the certificate status_request extension is disabled. Enabling the certificate status_request extension by setting the `jdk.tls.client.enableStatusRequestExtension` system property to `true` will provide mitigation in such scenarios.

        Attachments

          Activity

            People

            Assignee:
            pkoppula Prasadarao Koppula
            Reporter:
            pkoppula Prasadarao Koppula
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: