[8u] RFR : TLSv1.3 protocol support
Martin Balao
mbalao at redhat.com
Mon Jun 15 22:44:17 UTC 2020
Hi Alexey,

Below this email you'll find my independent list of the bugs covered under Step 1 (8245468). This list is based on what Oracle backported to their closed 8u261 (related to TLS 1.3). There may be bugs missing because our file-replacement approach may have dragged more things in implicitly.

Can you please merge this list with the list you have and tell me the diff (so I can double-check the additions)?

We need this list to be part of the commit message, so we document, in a best-effort manner, what is under the scope.

In addition to documentation, going through each of these bugs was useful to check that 1) nothing was missing, and 2) to find patches that may have an impact outside the sun/security/ssl directory.

NOTE: the list does not include purely-test patches because they are not covered under Step 1. I'll have a separate list later.

Below this email you'll also find a list of (non-vulnerability) patches introduced between 11.0.7 and 11.0.8, which are not under the scope of the work being done. We will need to backport each of them independently.

Thanks,
Martin.-
--
Step 1 (8245468) COVERED - 11.0.7
..............................
* JDK-8212885: TLS 1.3 resumed session does not retain peer certificate chain
* JDK-8211806: TLS 1.3 handshake server name indication is missing on a session resume
* JDK-8207009: TLS 1.3 half-close and synchronization issues
* JDK-8211866: TLS 1.3 CertificateRequest message sometimes offers disallowed signature algorithms
* JDK-8210334: TLS 1.3 server fails if ClientHello doesn't have pre_shared_key and psk_key_exchange_modes
* JDK-8214688: TLS 1.3 session resumption with hello retry request failed with "illegal_parameter"
* JDK-8210846: TLSv.1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth
* JDK-8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11
* JDK-8221253: TLSv1.3 may generate TLSInnerPlainText longer than 2^14+1 bytes
* JDK-8216045: The size of key_exchange may be wrong on FFDHE
* JDK-8209965: The "supported_groups" extension in ServerHellos
* JDK-8214098: sun.security.ssl.HandshakeHash.T12HandshakeHash constructor check backwards.
* JDK-8208166: Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029
* JDK-8214339: SSLSocketImpl erroneously wraps SocketException
* JDK-8207237: SSLSocket#setEnabledCipherSuites is accepting empty string
* JDK-8216326: SSLSocket stream close() does not close the associated socket
* JDK-8206355: SSLSessionImpl.getLocalPrincipal() throws NPE
* JDK-8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy
* JDK-8145854: SSLContextImpl.statusResponseManager should be generated if required
* JDK-8214129: SSL session resumption/SNI with TLS1.2 causes StackOverflowError
* JDK-8207223: SSL Handshake failures are reported with more generic SSLException
* JDK-8210989: RSASSA-PSS certificate cannot be selected for client auth on TLSv1.2
* JDK-8165275: Replace the reflective call to the implUpdate method in HandshakeMessage::digestKey
* JDK-8206176: Remove the temporary tls13VN field
* JDK-8213202: Possible race condition in TLS 1.3 session resumption
* JDK-8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
* JDK-8209916: NPE in SupportedGroupsExtension
* JDK-8210974: No extensions debug log for ClientHello
* JDK-8214321: Misleading code in SSLCipher
* JDK-8236039: JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3
* JDK-8028518: Increase the priorities of GCM cipher suites
* JDK-8212738: Incorrectly named signature scheme ecdsa_secp512r1_sha512
* JDK-8215524: Finished message validation failure should be decrypt_error alert
* JDK-8221270: Duplicated synchronized keywords in SSLSocketImpl
* JDK-8215790: Delegated task created by SSLEngine throws java.nio.BufferUnderflowException
* JDK-8219389: Delegated task created by SSLEngine throws BufferUnderflowException
* JDK-8225766: Curve in certificate should not affect signature scheme when using TLSv1.3
* JDK-8206929: Check session context for TLS 1.3 session resumption
* JDK-8229733: TLS message handling improvements
* JDK-8207029: Unable to use custom SSLEngine with default TrustManagerFactory after updating to JDK 11 b21
* JDK-8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll
* JDK-8223482: Unsupported ciphersuites may be offered by a TLS client
* JDK-4919790: Errors in alert ssl message does not reflect the actual certificate status
* JDK-8218889: Improperly use of the Optional API
MISSING 11.0.8 - important
..............................
* JDK-8239798: SSLSocket closes socket both socket endpoints on a SocketTimeoutException
* JDK-8223940: Private key not supported by chosen signature algorithm
* JDK-8211339: NPE during SSL handshake caused by HostnameChecker
* JDK-8242141: New System Properties to configure the TLS signature schemes
* JDK-8215711: Missing key_share extension for (EC)DHE key exchange should alert missing_extension
* JDK-8237474: Default SSLEngine should create in server role
* JDK-8234728: Some security tests should support TLSv1.3
* JDK-8234725: sun/security/ssl/SSLContextImpl tests support TLSv1.3
* JDK-8205653: test/jdk/sun/management/jmxremote/bootstrap/RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshake_failure
* JDK-8209333: Socket reset issue for TLS 1.3 socket close
* JDK-8228757: Fail fast if the handshake type is unknown
* JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions
* JDK-8235311: Tag mismatch may alert bad_record_mac
* JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3
* JDK-8235874: The ordering of Cipher Suites is not maintained provided through "jdk.tls.client.cipherSuites" and "jdk.tls.server.cipherSuites" system property.
* JDK-8205111: Develop new Test to verify different key types for supported TLS protocols.
* JDK-8235183: Remove the "HACK CODE" in comment
MISSING 11.0.8 - not SSL strictly but related
..............................
* JDK-7092821: java.security.Provider.getService() is synchronized and became scalability bottleneck
* JDK-8148188: Enhance the security libraries to record events of interest