Is TLS1.3 support missing the "certificate_authorities" extension?

Andrew Leonard andrew_m_leonard at
Tue Jan 15 09:03:22 UTC 2019

Re-posting this question..

Isn't the "certificate_authorities" extension mandatory for TLS1.3?

There's a known typo in 
which from this comment: 
indicates section was a typo and "certificate_authorities" should 
be used instead of "trusted_ca_keys" 

Should JDK-8206925 be a "bug"? Thoughts? 

Many thanks

Andrew Leonard
Java Runtimes Development
IBM Hursley
IBM United Kingdom Ltd
Phone internal: 245913, external: 01962 815913
internet email: andrew_m_leonard at 

Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the security-dev mailing list