[8u] TLSv1.3 RFR: 8245476: Disable TLSv1.3 protocol in the ClientHello message by default
Alexey Bakhtin
alexey at azul.com
Thu Jul 16 14:49:55 UTC 2020
Changes in the default client cipher suites also require fixes in the following tests:
- javax/net/ssl/SSLSession/ResumeTLS13withSNI.java
- javax/net/ssl/SSLSocket/Tls13PacketSize.java
- javax/net/ssl/Stapling/HttpsUrlConnClient.java
- javax/net/ssl/Stapling/SSLEngineWithStapling.java
- javax/net/ssl/Stapling/SSLSocketWithStapling.java
- javax/net/ssl/Stapling/StapleEnableProps.java
- javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java
- javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java
These tests do not update the list of supported cipher suites for the TLSv1.3 protocol.
The fix could be simple: add
-Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
in the test run notation.
It should be done as part of test subtask JDK-8245681.
Regards
Alexey
> On 16 Jul 2020, at 13:25, Alexey Bakhtin <alexey at azul.com> wrote:
>
> Hello Martin,
>
> TLSv1.3, 1.2 and 1.1 contexts are different because we selected the highest protocol explicitly, so they return cipher suites for these protocol sets only.
> My approach requires less configuration from the application's point of view.
> However, you are right: this approach could also be misleading if the default cipher and protocol sets do not match each other.
>
> Updated webrev at: http://cr.openjdk.java.net/~abakhtin/tls1.3/8245466/8245476/webrev.v1/
>
>
> Regards
> Alexey
>
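
A way to observe the effect of jdk.tls.client.protocols on the client defaults discussed in this thread, as an added example that is not part of the patch, the webrev or the OpenJDK tests; the class name ClientTls13Defaults and its mismatch helper are hypothetical. It prints the default client protocols and any enabled TLSv1.3 cipher suites, and flags the case where the two sets do not match each other.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Hypothetical helper class (not part of the JDK or its tests). Run it twice:
//   java ClientTls13Defaults
//   java -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2" ClientTls13Defaults
public class ClientTls13Defaults {
    // RFC 8446 cipher suites by JSSE standard name; they are only usable with TLSv1.3.
    static final Set<String> TLS13_SUITES = new HashSet<>(Arrays.asList(
            "TLS_AES_128_GCM_SHA256",
            "TLS_AES_256_GCM_SHA384",
            "TLS_CHACHA20_POLY1305_SHA256"));

    // Returns null when protocols and suites agree, otherwise a description.
    static String mismatch(List<String> protocols, List<String> suites) {
        boolean tls13Protocol = protocols.contains("TLSv1.3");
        boolean olderProtocol = protocols.size() > (tls13Protocol ? 1 : 0);
        boolean tls13Suite = false;
        boolean olderSuite = false;
        for (String s : suites) {
            if (s.equals("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) continue; // signalling value
            if (TLS13_SUITES.contains(s)) tls13Suite = true; else olderSuite = true;
        }
        if (tls13Protocol && !tls13Suite) return "TLSv1.3 enabled, but no TLSv1.3 cipher suite";
        if (!tls13Protocol && tls13Suite) return "TLSv1.3 cipher suites enabled, but not TLSv1.3";
        if (olderProtocol && !olderSuite) return "pre-1.3 protocols enabled, but only TLSv1.3 suites";
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Client-side defaults of the default context, as a plain SSLSocket would get them.
        SSLParameters p = SSLContext.getDefault().getDefaultSSLParameters();
        List<String> protocols = Arrays.asList(p.getProtocols());
        List<String> suites = Arrays.asList(p.getCipherSuites());
        System.out.println("jdk.tls.client.protocols = "
                + System.getProperty("jdk.tls.client.protocols"));
        System.out.println("enabled protocols        = " + protocols);
        for (String s : suites) {
            if (TLS13_SUITES.contains(s)) System.out.println("TLSv1.3 suite enabled    : " + s);
        }
        String problem = mismatch(protocols, suites);
        System.out.println(problem == null ? "protocols and cipher suites agree"
                                           : "MISMATCH: " + problem);
    }
}
```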