FIPS 140.2 enabled TLS server rejects clients sending SSLv3 as record version in ClientHello
Xuelei Fan
xuelei.fan at oracle.com
Mon Oct 14 16:21:14 UTC 2019
If the client uses SSL 3.0 as the record version number, it normally
means that the client supports SSL 3.0. Since TLS 1.0, the spec is clear
about the record version value. I don't think SSL 3.0 is acceptable in
FIPS certified circumstances.
Personally, I don't think it is a priority to fix in JDK unless there is
a requirement in practice.
Regards,
Xuelei
On 10/14/2019 1:41 AM, Christian Schaefer wrote:
> Hi all,
>
> We have TLS connection issues when the server (openjdk version
> "1.8.0_222") runs in FIPS 140.2 mode. The error thrown on the server is:
>
> “javax.net.ssl.SSLException: Unsupported record version SSLv3” (which
> originates from: sun.security.ssl.InputRecord.checkRecordVersion(…))
>
> This error only happens when the server JRE runs in FIPS 140.2 mode.
> This is because of the following code in class
> sun.security.ssl.ProtocolVersion:
>
> “
>
> // minimum version we implement (SSL 3.0)
>
> final static ProtocolVersion MIN = FIPS ? TLS10 : SSL30;
>
> “
>
> Our server **only** allows TLS 1.2 as TLS protocol version, however, if
> I have the correct understanding of the TLS 1.2 specification enforcing
> a record version of (at least) TLS10 seems to violate the specification
> (https://tools.ietf.org/html/rfc5246#appendix-E.1):
>
> “
>
> […] Thus, TLS servers compliant with this specification MUST accept
> any value {03,XX} as
>
> the record layer version number for ClientHello. […]
>
> (Appendix E. Backward Compatibility - E.1. Compatibility with TLS
> 1.0/1.1 and SSL 3.0)
>
> “
>
> Is this something which should be fixed in the JRE? Or is the behavior
> of the client wrong?
>
> Thanks,
>
> Christian.
>
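Added example, not part of the original thread and not JDK code: it parses a constructed ClientHello record to show that the record-layer version and the offered ClientHello.client_version are separate fields, then compares the RFC 5246 E.1 rule quoted above with a minimum-version floor modelled on the quoted `MIN = FIPS ? TLS10 : SSL30` line. The function names and the floor check are assumptions made for illustration.

```python
import struct

SSL30, TLS10, TLS12 = (3, 0), (3, 1), (3, 3)
NAMES = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


def build_client_hello(record_version, client_version):
    """Construct a minimal ClientHello record (sample data, not a capture)."""
    body = bytes(client_version)          # ClientHello.client_version
    body += bytes(32)                     # random (zeroed for the sample)
    body += b"\x00"                       # empty session_id
    body += b"\x00\x02\x00\x2f"           # one cipher suite
    body += b"\x01\x00"                   # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", 22, *record_version, len(handshake)) + handshake


def parse_versions(record):
    """Return (record_version, client_version) from a ClientHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, rmaj, rmin, length = struct.unpack("!BBBH", record[:5])
    fragment = record[5:5 + length]
    if ctype != 22 or len(fragment) != length:
        raise ValueError("not a complete handshake record")
    if len(fragment) < 6 or fragment[0] != 1:
        raise ValueError("not a ClientHello")
    return (rmaj, rmin), (fragment[4], fragment[5])


def rfc5246_e1_accepts(record_version):
    """RFC 5246 E.1: accept any {03,XX} as ClientHello record version."""
    return record_version[0] == 3


def floor_accepts(record_version, minimum):
    """Assumed model of a minimum-version check applied to the record layer."""
    return record_version >= minimum


def evaluate(record, fips):
    """Compare both policies for one record; fips selects the TLS10 floor."""
    rec, hello = parse_versions(record)
    minimum = TLS10 if fips else SSL30    # mirrors MIN = FIPS ? TLS10 : SSL30
    return {
        "record": NAMES.get(rec, rec), "offered": NAMES.get(hello, hello),
        "e1": rfc5246_e1_accepts(rec), "floor": floor_accepts(rec, minimum),
    }
```

For a record built with `build_client_hello(SSL30, TLS12)`, `evaluate(..., fips=True)` reports a client offering TLSv1.2 that the E.1 rule accepts and the TLS10 floor rejects, which is the disagreement discussed in the thread.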