TLS 1.3 compatibility mode issue
Daniel Jeliński
djelinski1 at gmail.com
Mon Dec 20 18:47:17 UTC 2021
Hello,
Some time ago I filed an issue on bugreport
(https://bugs.openjdk.java.net/browse/JDK-8277881) about the issue
where Java does not fill SessionID field in ClientHello message when
resuming a TLS 1.3 session.
The SessionID field is not required by TLS1.3; its resumption
mechanism relies on PSKs. The field was only added in "middlebox
compatibility mode" to fool network devices that are not aware of
TLS1.3 and expect a 2RTT handshake unless SessionID is present.
Java runs in compatibility mode by default, and sends a non-empty
SessionID on the initial handshake. However, if a TLS 1.3 session is
established during the initial connection, subsequent handshakes send
an empty SessionID.
Our customer reported an issue where our Java application was unable
to reliably establish a connection to a customer-provided server. When
we examined a tcpdump of a successful and a failed connection, the
only difference was in the SessionID field. Indeed, when we run the
application with jdk.tls.client.useCompatibilityMode set to false, all
connection attempts fail.
In https://github.com/openjdk/jdk/pull/6583 I propose a patch to set a
non-empty SessionID in TLS 1.3 ClientHello when running in
compatibility mode, even when resuming a TLS 1.3 session.
Let me know if there's anything else I can do to get the issue fixed.
Regards,
Daniel
More information about the security-dev
mailing list