JDK-8246073

Not loading TLS 1.3 ciphers in the absence of setEnabledCipherSuites() call

    Details

    • Subcomponent:
    • Introduced In Build:
      b05
    • Introduced In Version:
    • CPU:
      generic
    • OS:
      generic

      Description

      Suppose the server supports all protocols (TLSv1, TLSv1.1, TLSv1.2, TLSv1.3) and the client supports only TLSv1.3, which is set using the setEnabledProtocols() API; then the handshake fails.

      Attached the reproducible test case.
      Command to execute test: java ServerClientSSLSocket

      This issue started from JDK8u261 b05 onwards and was introduced by task JDK-8243682.
      It's also reproducible in JDK8u261 b09.
      It's not reproducible in JDK11 or JDK15.

      Exception message:
      Exception in thread "main" javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
      at sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:171)
      at sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:101)
      at sun.security.ssl.TransportContext.kickstart(TransportContext.java:222)
      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:389)
      at sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:718)
      at sun.security.ssl.SSLSocketImpl.access$200(SSLSocketImpl.java:74)
      at sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:801)
      at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
      at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
      at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
      at java.io.InputStreamReader.read(InputStreamReader.java:184)
      at java.io.BufferedReader.fill(BufferedReader.java:161)
      at java.io.BufferedReader.readLine(BufferedReader.java:324)
      at java.io.BufferedReader.readLine(BufferedReader.java:389)
      at ServerClientSSLSocket.doClientSide(ServerClientSSLSocket.java:58)
      at ServerClientSSLSocket.main(ServerClientSSLSocket.java:71)

      Attached full debug log.

      Workaround:
      Set a specific cipher suite using the setEnabledCipherSuites() API,
      e.g.: sslSocket.setEnabledCipherSuites(new String[]{"TLS_AES_128_GCM_SHA256"});
      or
      run the program with the property -Djdk.tls.client.protocols=TLSv1.3

            People

            Assignee:
            pkoppula Prasadarao Koppula
            Reporter:
            akolarkunnu Abdul Kolarkunnu
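
A client-side check for the condition named in the title, as an added example (it is not the attached ServerClientSSLSocket test case and not JDK code): after restricting the socket to TLSv1.3 it inspects the enabled cipher suites and applies the setEnabledCipherSuites() workaround if no TLS 1.3 suite is present. The class name Tls13OnlyClientCheck and the premise that the missing suites are visible through getEnabledCipherSuites() are assumptions of this example.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class Tls13OnlyClientCheck {
    // TLS 1.3 suite names from RFC 8446; a given JDK build may support only some of them.
    static final List<String> TLS13_SUITES = Arrays.asList(
            "TLS_AES_128_GCM_SHA256",
            "TLS_AES_256_GCM_SHA384",
            "TLS_CHACHA20_POLY1305_SHA256");

    // Returns the entries of 'suites' that are TLS 1.3 cipher suites.
    static List<String> tls13Only(String[] suites) {
        List<String> out = new ArrayList<>();
        for (String s : suites) {
            if (TLS13_SUITES.contains(s)) {
                out.add(s);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // Unconnected socket: enough to inspect the configuration, no network needed.
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            // Throws IllegalArgumentException on a JDK build without TLSv1.3 support.
            socket.setEnabledProtocols(new String[] {"TLSv1.3"});

            List<String> enabled13 = tls13Only(socket.getEnabledCipherSuites());
            if (!enabled13.isEmpty()) {
                System.out.println("TLS 1.3 suites already enabled: " + enabled13);
                return;
            }
            // Assumption: this state is what leads to "No appropriate protocol" at handshake time.
            List<String> supported13 = tls13Only(socket.getSupportedCipherSuites());
            if (supported13.isEmpty()) {
                throw new IllegalStateException("This JDK build supports no TLS 1.3 cipher suite");
            }
            // Workaround from the report: enable the TLS 1.3 suites explicitly.
            socket.setEnabledCipherSuites(supported13.toArray(new String[0]));
            System.out.println("Workaround applied, enabled: "
                    + Arrays.toString(socket.getEnabledCipherSuites()));
        }
    }
}
```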