FIPS 140.2 enabled TLS server rejects clients sending SSLv3 as record version in ClientHello
Christian Schaefer
christian.schaefer at microfocus.com
Mon Oct 14 08:41:25 UTC 2019
Hi all,
We have TLS connection issues when the server (openjdk version "1.8.0_222") runs in FIPS 140.2 mode. The error thrown on the server is:
"javax.net.ssl.SSLException: Unsupported record version SSLv3" (which originates from: sun.security.ssl.InputRecord.checkRecordVersion(...))
This error only happens when the server JRE runs in FIPS 140.2 mode. This is because of the following code in class sun.security.ssl.ProtocolVersion:
"
// minimum version we implement (SSL 3.0)
final static ProtocolVersion MIN = FIPS ? TLS10 : SSL30;
"
Our server *only* allows TLS 1.2 as TLS protocol version; however, if I have the correct understanding of the TLS 1.2 specification, enforcing a record version of (at least) TLS10 seems to violate the specification (https://tools.ietf.org/html/rfc5246#appendix-E.1):
"
[...] Thus, TLS servers compliant with this specification MUST accept any value {03,XX} as
the record layer version number for ClientHello. [...]
(Appendix E. Backward Compatibility - E.1. Compatibility with TLS 1.0/1.1 and SSL 3.0)
"
Is this something which should be fixed in the JRE? Or is the behavior of the client wrong?
Thanks,
Christian.
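
Added example, not part of the original post and not JDK code: a simplified Python model of the two record-version checks discussed above, run against a constructed ClientHello whose record layer says {03,00} while the hello body offers TLS 1.2. The function names, the sample bytes and the `enabled` set are assumptions made for illustration.

```python
import struct

# Constructed sample ClientHello record (not a capture): the record layer says
# {03,00} (SSLv3) while the ClientHello body offers {03,03} (TLS 1.2).
SAMPLE = (bytes.fromhex("16" "0300" "002d"       # handshake record, v3.0, 45 bytes
                        "01" "000029" "0303")    # ClientHello, 41 bytes, v3.3
          + bytes(32)                            # random (zeroed for the sample)
          + bytes.fromhex("00" "0002002f" "0100"))  # session id, suites, compression


def parse_client_hello_versions(data):
    """Return (record_version, client_version) as (major, minor) tuples."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, rmaj, rmin, rlen = struct.unpack("!BBBH", data[:5])
    if ctype != 22:
        raise ValueError("not a handshake record")
    frag = data[5:5 + rlen]
    if len(frag) < 6 or frag[0] != 1:
        raise ValueError("record does not start with a ClientHello")
    return (rmaj, rmin), (frag[4], frag[5])


def accept_rfc5246_e1(record_version):
    """RFC 5246 E.1: accept any {03,XX} record version for ClientHello."""
    return record_version[0] == 3


def accept_with_minimum(record_version, minimum=(3, 1)):
    """Model of a floor on the record version (TLS 1.0 by default)."""
    return record_version >= minimum


def negotiate(data, enabled=frozenset({(3, 3)})):
    """Lenient record check, then choose the version from the hello body."""
    record_version, client_version = parse_client_hello_versions(data)
    if not accept_rfc5246_e1(record_version):
        return None
    chosen = min(client_version, max(enabled))
    return chosen if chosen in enabled else None


if __name__ == "__main__":
    rec, hello = parse_client_hello_versions(SAMPLE)
    print("record", rec, "hello", hello)
    print("floor check accepts:", accept_with_minimum(rec))
    print("E.1 check negotiates:", negotiate(SAMPLE))
```

With the lenient check, a server that enables only TLS 1.2 still negotiates TLS 1.2 from this hello, because the protocol version is chosen from the ClientHello body rather than from the record header.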