TLS v1.3 extensions in TLS v1.2 handshake
Severin Gehwolf
sgehwolf at redhat.com
Tue May 25 10:18:15 UTC 2021
CC'ing jdk8u-dev list.
Fridrich, is this an 8u-only problem you are observing? Would you have
some details about the problem so that I can file a bug for you?
Thanks,
Severin
On Tue, 2021-05-25 at 07:12 +0200, Fridrich Strba wrote:
> Hello, good people,
>
> The java 11 implementation of TLS v1.3 was backported into java 8
> since some CPUs and it results sometimes in new handshake failures
> with hard-to-updage-firmware devices whose shell life might be still
> long.
>
> We somehow debugged those failures and some devices bomb because of
> TLSv1.2 handshake containing the signature_algorihms_cert and
> supported_versions extensions.
>
> TLSv1.3 handshake still contains both extensions as it should. This
> could solve the differences of Java 8 behaviour between different
> update
> numbers.
>
> Please, have a look and comment
>
> Cheers
>
> Fridrich
>
More information about the security-dev
mailing list