FIPS 140.2 enabled TLS server rejects clients sending SSLv3 as record version in ClientHello

Christian Schaefer christian.schaefer at microfocus.com
Mon Oct 14 08:41:25 UTC 2019


Hi all,

We have TLS connection issues when the server (openjdk version "1.8.0_222") runs in FIPS 140.2 mode. The error thrown on the server is:

"javax.net.ssl.SSLException: Unsupported record version SSLv3" (which originates from: sun.security.ssl.InputRecord.checkRecordVersion(...))

This error only happens when the server JRE runs in FIPS 140.2 mode. This is because of the following code in class sun.security.ssl.ProtocolVersion:

"
    // minimum version we implement (SSL 3.0)
    final static ProtocolVersion MIN = FIPS ? TLS10 : SSL30;
"

Our server *only* allows TLS 1.2 as TLS protocol version, however, If I have the correct understanding of the TLS 1.2 specification enforcing a record version of (at least ) TLS10 seems to violate the specification (https://tools.ietf.org/html/rfc5246#appendix-E.1):

"
   [...] Thus, TLS servers compliant with this specification MUST accept any value {03,XX} as
   the record layer version number for ClientHello. [...]

(Appendix E.  Backward Compatibility - E.1.  Compatibility with TLS 1.0/1.1 and SSL 3.0)
"

Is this something which should be fixed in the JRE? Or is the behavior of the client wrong?

Thanks,

Christian.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/security-dev/attachments/20191014/51fb2961/attachment.html>


More information about the security-dev mailing list