TLS v1.3 extensions in TLS v1.2 handshake
Fridrich Strba
fridrich.strba at suse.com
Tue May 25 05:12:26 UTC 2021
Hello, good people,
The Java 11 implementation of TLS v1.3 was backported into Java 8 since
some CPUs and it results sometimes in new handshake failures with
hard-to-update-firmware devices whose shelf life might still be long.
We somehow debugged those failures and some devices bomb because of
TLSv1.2 handshake containing the signature_algorithms_cert and
supported_versions extensions.
I would love to propose for Java 8 the attached patch that would make
the TLSv1.2 handshake look exactly as it was looking in 8u252. The
TLSv1.3 handshake still contains both extensions as it should. This
could solve the differences of Java 8 behaviour between different update
numbers.
Please have a look and comment.
Cheers
Fridrich
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tls13extensions.patch
Type: text/x-patch
Size: 1153 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20210525/ca592339/tls13extensions.patch>
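To check whether a client's ClientHello carries the two extensions named in the message above, the extension list can be read straight from a captured handshake record. The sketch below is an added example, not part of the attached patch or of the JDK; the function names are hypothetical, the sample records are constructed rather than captured from any Java release, and it assumes the ClientHello fits in a single TLS record.

```python
# Extension code points: IANA TLS ExtensionType registry (RFC 8446).
FLAGGED = {43: "supported_versions", 50: "signature_algorithms_cert"}

def client_hello_extensions(record: bytes) -> list:
    """Extension types, in wire order, of a ClientHello held in one TLS record."""
    pos = 0
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(record):
            raise ValueError("truncated ClientHello")
        pos += n
        return record[pos - n:pos]
    def vec(len_bytes: int) -> bytes:       # length-prefixed vector
        return take(int.from_bytes(take(len_bytes), "big"))
    if take(1) != b"\x16":                  # record type 22 = handshake
        raise ValueError("not a handshake record")
    take(4)                                 # record version + record length
    if take(1) != b"\x01":                  # handshake type 1 = client_hello
        raise ValueError("not a ClientHello")
    take(3 + 2 + 32)                        # handshake length, legacy_version, random
    for width in (1, 2, 1):                 # session_id, cipher_suites, compression
        vec(width)
    if pos == len(record):                  # the extensions block is optional
        return []
    exts, types, i = vec(2), [], 0
    while i < len(exts):
        etype = int.from_bytes(exts[i:i + 2], "big")
        i += 4 + int.from_bytes(exts[i + 2:i + 4], "big")
        if i > len(exts):
            raise ValueError("truncated extension")
        types.append(etype)
    return types

def flagged_extensions(record: bytes) -> list:
    return [FLAGGED[t] for t in client_hello_extensions(record) if t in FLAGGED]

def build_sample(exts: list) -> bytes:
    # Constructed test input: minimal ClientHello with the given (type, data) extensions.
    block = b"".join(t.to_bytes(2, "big") + len(d).to_bytes(2, "big") + d for t, d in exts)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00" + len(block).to_bytes(2, "big") + block
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

SIG = b"\x00\x02\x04\x03"                   # one scheme: ecdsa_secp256r1_sha256
SAMPLE_OLD = build_sample([(13, SIG)])      # signature_algorithms only
SAMPLE_NEW = build_sample([(13, SIG), (43, b"\x04\x03\x04\x03\x03"), (50, SIG)])

if __name__ == "__main__":
    print(flagged_extensions(SAMPLE_OLD), flagged_extensions(SAMPLE_NEW))
```

Feeding it the first handshake record from a packet capture of a failing device connection shows whether either extension was on the wire when the device rejected the handshake.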