Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8254631

Better support ALPN byte wire values in SunJSSE

    XMLWordPrintable

    Details

      Backports

        Description

        As pointed out here:

        https://mail.openjdk.java.net/pipermail/security-dev/2020-October/022750.html

        SunJSSE does not handle String conversion to byte[] well, and thus can't represent some of the GREASE values (RFC 8701: https://tools.ietf.org/rfcmarkup?doc=8701 )

        For our implementation currently:

        1. Client can't send valid GREASE values. We'll send a UTF-8 representation which won't be recognized by peers as GREASE.

        2. Server shouldn't crash, but will not report to our API consumers that GREASE values were received.

        [Update 11/24/2020-after further experimentation/bug fixing]

        JSSE Client will send >0x7F bytes encoded as 2-4 UTF-8 bytes, which will only be recognized by JSSE peers. Other impls may not know how to decode.

        For JSSE Server, there are two cases:

        1. it can receive >0x7F either as 2-4 UTF-8 bytes (correct value returned in String to app), or
        2. as an incorrectly formatted UTF-8. In that case, default "?" value returned to app.

        For the first case, *IF* the server selects a ALPN value that contains a character with a >0x7F value, the app will crash when trying to create the ALPN extension reply.

        Evaluate possible approaches.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                wetmore Bradford Wetmore
                Reporter:
                wetmore Bradford Wetmore
                Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: