javax.net.debug output lost client hello extensions in JDK 11.0.2

Amir Khassaia amir.khassaia at gmail.com
Wed Feb 13 23:58:09 UTC 2019 

Hi, I'd like to report a bug that may confuse others as they diagnose TLS
handshakes.

The extension logging seems to be affected in JDK 11.0.2, these come up as
empty in client hello (see below) from Oracle JDK 11.0.2
==========================
javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:48.620
AEDT|SSLCipher.java:437|jdk.tls.keyLimits:  entry = AES/GCM/NoPadding
KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|WARNING|01|main|2019-02-14 10:51:50.357
AEDT|ServerNameExtension.java:255|Unable to indicate server name
javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.357
AEDT|SSLExtensions.java:256|Ignore, context unavailable extension:
server_name
javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.358
AEDT|SSLExtensions.java:256|Ignore, context unavailable extension:
status_request
javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.361
AEDT|SupportedGroupsExtension.java:841|Ignore inactive or disabled named
group: secp160k1
javax.net.ssl|WARNING|01|main|2019-02-14 10:51:50.486
AEDT|SignatureScheme.java:282|Signature algorithm, ed25519, is not
supported by the underlying providers
javax.net.ssl|WARNING|01|main|2019-02-14 10:51:50.486
AEDT|SignatureScheme.java:282|Signature algorithm, ed448, is not supported
by the underlying providers
javax.net.ssl|INFO|01|main|2019-02-14 10:51:50.513
AEDT|AlpnExtension.java:161|No available application protocols
javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.514
AEDT|SSLExtensions.java:256|Ignore, context unavailable extension:
application_layer_protocol_negotiation
javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.514
AEDT|SSLExtensions.java:256|Ignore, context unavailable extension:
status_request_v2
javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.516
AEDT|ClientHello.java:651|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "3E 3B 04 98 F4 65 C7 CF 2B B2 30 EA AE CE 7D C5
51 45 C4 A9 CB D6 F2 39 3F 52 46 77 BE 28 EC 06",
  "session id"          : "",
  "cipher suites"       :
"[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B),
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F),
TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C),
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D),
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031),
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E),
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2),
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C),
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025),
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029),
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067),
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040),
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013),
TLS_RSA_WITH_AES_128_CBC_SHA(0x002F),
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004),
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E),
TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033),
TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032)]",
  "compression methods" : "00",
  "extensions"          : [

  ]
}
)

Notice empty extensions, these are actually there on the wire (checked with
wireshark).

This previously appeared to work, just checked with OpenJDK 11.0.1 and I
get them:

javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:54.261
AEDT|SSLCipher.java:437|jdk.tls.keyLimits:  entry = AES/GCM/NoPadding
KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|WARNING|01|main|2019-02-14 10:54:56.491
AEDT|ServerNameExtension.java:255|Unable to indicate server name
javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.492
AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
server_name
javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.492
AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
status_request
javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.494
AEDT|SupportedGroupsExtension.java:841|Ignore inactive or disabled named
group: secp160k1
javax.net.ssl|WARNING|01|main|2019-02-14 10:54:56.546
AEDT|SignatureScheme.java:282|Signature algorithm, ed25519, is not
supported by the underlying providers
javax.net.ssl|WARNING|01|main|2019-02-14 10:54:56.546
AEDT|SignatureScheme.java:282|Signature algorithm, ed448, is not supported
by the underlying providers
javax.net.ssl|INFO|01|main|2019-02-14 10:54:56.575
AEDT|AlpnExtension.java:161|No available application protocols
javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.576
AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
application_layer_protocol_negotiation
javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.576
AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
status_request_v2
javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.577
AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
renegotiation_info
javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.582
AEDT|ClientHello.java:651|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "4E 23 00 5E 22 D3 0D 78 D0 97 B5 E1 16 FB E3 92
B5 90 B0 8E 30 89 BC 72 BA F1 B7 94 71 E7 E8 80",
  "session id"          : "",
  "cipher suites"       :
"[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B),
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F),
TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C),
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D),
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031),
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E),
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2),
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C),
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025),
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029),
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067),
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040),
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013),
TLS_RSA_WITH_AES_128_CBC_SHA(0x002F),
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004),
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E),
TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033),
TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032),
TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
  "compression methods" : "00",
  "extensions"          : [
    "supported_groups (10)": {
      "versions": [secp256r1, secp384r1, secp521r1]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,
ecdsa_secp512r1_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384,
rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,
ecdsa_secp512r1_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384,
rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions": [TLSv1.2, TLSv1.1, TLSv1]
    }
  ]
}
)

Regards,
Amir
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20190214/1d6ef80f/attachment.htm>

More information about the security-dev mailing list