<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 1/21/2019 1:29 PM, Amir Khassaia
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAJ3+Awc=wNQ_00KsHykug+ZeBBMSGYxzscHnVSDCA1tNqmnQqw@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">Thanks Xuelei,
<div>Do you mean to create an RFE at OpenJDK (<a
href="https://bugs.openjdk.java.net/"
moz-do-not-send="true">https://bugs.openjdk.java.net/</a>)?</div>
<div><br>
</div>
</div>
</div>
</blockquote>
<p>Yes, if you have an OpenJDK account. Otherwise, please use
bugreport.java.com.</p>
<p>Thanks,</p>
<p>Xuelei<br>
</p>
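<p>As an added illustration, not code from the thread or from Amir's gist: the Python script below parses a TLS 1.2 ClientHello record and reports the items the thread singles out as candidate triggers for intolerant servers, namely the RFC 8446 extensions supported_versions (43) and signature_algorithms_cert (50) and the RSASSA-PSS signature schemes. It builds a constructed ClientHello that mirrors the Java 11 Wireshark capture quoted in the thread; the extension codes and scheme values are taken from that capture, and the function and variable names are the example's own.</p>

```python
"""Parse a TLS 1.2 ClientHello record and flag the TLS 1.3-era additions discussed in the thread."""
import struct

# Extension type codes as they appear in the Wireshark dumps in the thread
EXT_NAMES = {10: "supported_groups", 11: "ec_point_formats", 13: "signature_algorithms",
             23: "extended_master_secret", 43: "supported_versions",
             50: "signature_algorithms_cert", 65281: "renegotiation_info"}
# Extensions defined by RFC 8446 that a Java 11 client also sends in a TLS 1.2 ClientHello
TLS13_ERA_EXTENSIONS = {43, 50}
# RSASSA-PSS signature schemes (RFC 8446), absent from the Java 8 ClientHello in the thread
PSS_SCHEMES = {0x0804, 0x0805, 0x0806, 0x0809, 0x080A, 0x080B}


def _u16(buf, off):
    """Read a big-endian uint16 at offset off."""
    return struct.unpack_from("!H", buf, off)[0]


def parse_client_hello(record):
    """Parse a TLS record carrying a ClientHello into version, cipher suites and extensions."""
    if record[0] != 22:  # content type 22 = handshake
        raise ValueError("not a handshake record")
    hs = record[5:5 + _u16(record, 3)]
    if hs[0] != 1:  # handshake type 1 = client_hello
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    version = _u16(body, 0)
    off = 2 + 32                      # skip client_version and the 32-byte random
    off += 1 + body[off]              # skip session id (one-byte length prefix)
    cs_len = _u16(body, off)
    off += 2
    suites = [_u16(body, off + i) for i in range(0, cs_len, 2)]
    off += cs_len
    off += 1 + body[off]              # skip compression methods (one-byte length prefix)
    extensions = {}
    if off < len(body):               # the extensions block is optional in TLS 1.2
        end = off + 2 + _u16(body, off)
        off += 2
        while off < end:
            etype, elen = _u16(body, off), _u16(body, off + 2)
            extensions[etype] = body[off + 4:off + 4 + elen]
            off += 4 + elen
    return {"version": version, "cipher_suites": suites, "extensions": extensions}


def sig_schemes(ext_body):
    """Decode a signature_algorithms or signature_algorithms_cert body into scheme codes."""
    return [_u16(ext_body, 2 + i) for i in range(0, _u16(ext_body, 0), 2)]


def supported_versions(ext_body):
    """Decode a supported_versions body (one-byte length, then uint16 versions)."""
    return [_u16(ext_body, 1 + i) for i in range(0, ext_body[0], 2)]


def interop_report(record):
    """List the parts of a ClientHello that the thread identifies as possible intolerance triggers."""
    hello = parse_client_hello(record)
    exts = hello["extensions"]
    schemes = sig_schemes(exts[13]) if 13 in exts else []
    return {
        "tls13_era_extensions": sorted(EXT_NAMES[t] for t in exts if t in TLS13_ERA_EXTENSIONS),
        "pss_schemes": sorted(s for s in schemes if s in PSS_SCHEMES),
        "offered_versions": supported_versions(exts[43]) if 43 in exts else [hello["version"]],
    }


def build_client_hello(suites, extensions):
    """Build a TLS 1.2 ClientHello record (zero random, empty session id); constructed test input."""
    ext_blob = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in extensions)
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                                   # one compression method: null
            + struct.pack("!H", len(ext_blob)) + ext_blob)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs


def java11_like_hello():
    """Constructed ClientHello mirroring the Java 11 capture in the thread (same suites, groups, schemes)."""
    schemes = [0x0403, 0x0503, 0x0603, 0x0804, 0x0805, 0x0806, 0x0809, 0x080A, 0x080B, 0x0401,
               0x0501, 0x0601, 0x0402, 0x0303, 0x0301, 0x0302, 0x0203, 0x0201, 0x0202, 0x0101]
    sig = struct.pack("!H", 2 * len(schemes)) + b"".join(struct.pack("!H", s) for s in schemes)
    groups = struct.pack("!H", 8) + b"\x00\x17\x00\x18\x00\x19\x00\x0f"  # secp256r1 .. secp160k1
    return build_client_hello(
        [0xC023, 0xC027, 0x003C, 0xC029, 0x002F],
        [(10, groups), (11, b"\x01\x00"), (13, sig), (50, sig), (23, b""),
         (43, b"\x04\x03\x03\x03\x02"), (65281, b"\x00")])


if __name__ == "__main__":
    print(interop_report(java11_like_hello()))
```

Feeding it the bytes of a real capture (the record payload from Wireshark) gives the same report for a production client, so the two hellos in the thread can be compared field by field rather than by eye.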
<blockquote type="cite"
cite="mid:CAJ3+Awc=wNQ_00KsHykug+ZeBBMSGYxzscHnVSDCA1tNqmnQqw@mail.gmail.com">
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Tue, Jan 22, 2019 at 5:02 AM Xuelei Fan <<a
href="mailto:xuelei.fan@oracle.com" moz-do-not-send="true">xuelei.fan@oracle.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hi Amir,</p>
<p>I can see the problem for incompatible implementations. Would you
mind submitting an OpenJDK enhancement for a workaround?<br>
</p>
<p>Thanks & Regards,</p>
<p>Xuelei<br>
</p>
<div class="gmail-m_5594560675108067302moz-cite-prefix">On
1/20/2019 4:10 PM, Amir Khassaia wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>Xuelei,</div>
<div><br>
</div>
<div dir="ltr">I have a sample socket client for the
device TLS issue but its not very helpful as any
socket client created on top of JDK will do, the
last problem was apparent only when talking to a
specific hardware device which refused to
negotiate TLS session (I've seen several odd TLS
implementations that were intolerant to Java
changes in various ways over the years and
compatibility could always be assured through
config changes, this time around less so).</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">Some of the hardware TLS stacks can
range from small oddities to being completely
broken by small changes as they can contain
outdated and poorly implemented TLS stacks that
are very sensitive so even a small change can
break them and thats why its always important to
have levers provided to control almost every
aspect of the handshake.<br>
<div><br>
</div>
<div>I have a sample in my gist (<a
href="https://gist.github.com/amir-khassaia/04347ca88526f4b958b3326968a905c0"
target="_blank" moz-do-not-send="true">https://gist.github.com/amir-khassaia/04347ca88526f4b958b3326968a905c0</a>);
apologies, it's in Kotlin. When run with Java 8,
9 and 10 there were no issues. With Java 11 this
worked on most devices, but I've had a device at
a remote location that was not in my control
on which I've had to diagnose the handshake failure
using Java 11: it was intolerant to the TLS 1.2
client hello from Java 11 but fine with TLS 1.1,
as the new extensions are not present. It would
be fine with the TLS 1.2 client hello from Java 10
and earlier, as I mentioned.</div>
<div><br>
</div>
<div>javax.net.debug output</div>
<div>-------------------------------</div>
javax.net.ssl|DEBUG|01|main|2019-01-08
13:40:14.395
AEDT|SSLCipher.java:437|jdk.tls.keyLimits: entry
= AES/GCM/NoPadding KeyUpdate 2^37.
AES/GCM/NOPADDING:KEYUPDATE = 137438953472<br>
javax.net.ssl|WARNING|01|main|2019-01-08
13:40:14.433
AEDT|ServerNameExtension.java:255|Unable to
indicate server name<br>
javax.net.ssl|DEBUG|01|main|2019-01-08
13:40:14.433 AEDT|SSLExtensions.java:235|Ignore,
context unavailable extension: server_name<br>
javax.net.ssl|DEBUG|01|main|2019-01-08
13:40:14.433 AEDT|SSLExtensions.java:235|Ignore,
context unavailable extension: status_request<br>
javax.net.ssl|WARNING|01|main|2019-01-08
13:40:14.443
AEDT|SignatureScheme.java:282|Signature algorithm,
ed25519, is not supported by the underlying
providers<br>
javax.net.ssl|WARNING|01|main|2019-01-08
13:40:14.444
AEDT|SignatureScheme.java:282|Signature algorithm,
ed448, is not supported by the underlying
providers<br>
javax.net.ssl|INFO|01|main|2019-01-08 13:40:14.449
AEDT|AlpnExtension.java:161|No available
application protocols<br>
javax.net.ssl|DEBUG|01|main|2019-01-08
13:40:14.449 AEDT|SSLExtensions.java:235|Ignore,
context unavailable extension:
application_layer_protocol_negotiation<br>
javax.net.ssl|DEBUG|01|main|2019-01-08
13:40:14.450 AEDT|SSLExtensions.java:235|Ignore,
context unavailable extension: status_request_v2<br>
javax.net.ssl|DEBUG|01|main|2019-01-08
13:40:14.453 AEDT|ClientHello.java:651|Produced
ClientHello handshake message (<br>
"ClientHello": {<br>
"client version" : "TLSv1.2",<br>
"random" : "1A BA E8 FC 59 00 AB DF
9A 1A 07 94 24 7F 34 3D 0B D2 7D 10 72 52 54 CD 44
43 62 E8 8B 42 C6 68",<br>
"session id" : "",<br>
"cipher suites" :
"[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C),
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029),
TLS_RSA_WITH_AES_128_CBC_SHA(0x002F)]",<br>
"compression methods" : "00",<br>
"extensions" : [<br>
"supported_groups (10)": {<br>
"versions": [secp256r1, secp384r1,
secp521r1, secp160k1]<br>
},<br>
"ec_point_formats (11)": {<br>
"formats": [uncompressed]<br>
},<br>
"signature_algorithms (13)": {<br>
"signature schemes":
[ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,
ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256,
rsa_pss_rsae_sha384, rsa_pss_rsae_sha512,
rsa_pss_pss_sha256, rsa_pss_pss_sha384,
rsa_pss_pss_sha512, rsa_pkcs1_sha256,
rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256,
ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1,
rsa_pkcs1_sha1, dsa_sha1, rsa_md5]<br>
},<br>
"signature_algorithms_cert (50)": {<br>
"signature schemes":
[ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,
ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256,
rsa_pss_rsae_sha384, rsa_pss_rsae_sha512,
rsa_pss_pss_sha256, rsa_pss_pss_sha384,
rsa_pss_pss_sha512, rsa_pkcs1_sha256,
rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256,
ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1,
rsa_pkcs1_sha1, dsa_sha1, rsa_md5]<br>
},<br>
"extended_master_secret (23)": {<br>
&lt;empty&gt;<br>
},<br>
"supported_versions (43)": {<br>
"versions": [TLSv1.2, TLSv1.1]<br>
},<br>
"renegotiation_info (65,281)": {<br>
"renegotiated connection": [<no
renegotiated connection>]<br>
}<br>
]<br>
}<br>
)<br>
javax.net.ssl|DEBUG|01|main|2019-01-08
13:40:14.455 AEDT|Alert.java:232|Received alert
message (<br>
"Alert": {<br>
"level" : "fatal",<br>
"description": "handshake_failure"<br>
}<br>
)<br>
javax.net.ssl|ERROR|01|main|2019-01-08
13:40:14.456 AEDT|TransportContext.java:313|Fatal
(HANDSHAKE_FAILURE): Received fatal alert:
handshake_failure (<br>
"throwable" : {<br>
javax.net.ssl.SSLHandshakeException: Received
fatal alert: handshake_failure<br>
at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)<br>
at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)<br>
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)<br>
at
java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)<br>
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)<br>
at
java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)<br>
at
java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)<br>
at
java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)<br>
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)<br>
at SslSocketClient.main(SslSocketClient.kt:47)}<br>
<br>
)<br>
javax.net.ssl|DEBUG|01|main|2019-01-08
13:40:14.457 AEDT|SSLSocketImpl.java:1361|close
the underlying socket<br>
javax.net.ssl|DEBUG|01|main|2019-01-08
13:40:14.457 AEDT|SSLSocketImpl.java:1380|close
the SSL connection (initiative)<br>
Exception in thread "main"
javax.net.ssl.SSLHandshakeException: Received
fatal alert: handshake_failure<br>
at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)<br>
at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)<br>
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)<br>
at
java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)<br>
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)<br>
at
java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)<br>
at
java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)<br>
at
java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)<br>
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)<br>
at SslSocketClient.main(SslSocketClient.kt:47)<br>
<br>
<br>
<br>
<br>
Wireshark TLS 1.2 Java 8 client hello</div>
<div dir="ltr">-------------------------------------------------</div>
<div dir="ltr">
<div dir="ltr">Secure Sockets Layer</div>
<div dir="ltr"> TLSv1.2 Record Layer: Handshake
Protocol: Client Hello</div>
<div dir="ltr"> Content Type: Handshake
(22)</div>
<div dir="ltr"> Version: TLS 1.2 (0x0303)</div>
<div dir="ltr"> Length: 157</div>
<div dir="ltr"> Handshake Protocol: Client
Hello</div>
<div dir="ltr"> Handshake Type: Client
Hello (1)</div>
<div dir="ltr"> Length: 153</div>
<div dir="ltr"> Version: TLS 1.2
(0x0303)</div>
<div dir="ltr"> Random:
5c34044c709feae39585e4db8e41b0170fbf9fa428b38941...</div>
<div dir="ltr"> GMT Unix Time: Jan
8, 2019 13:00:44.000000000 AUS Eastern Daylight
Time</div>
<div dir="ltr"> Random Bytes:
709feae39585e4db8e41b0170fbf9fa428b38941983ddb53...</div>
<div dir="ltr"> Session ID Length: 0</div>
<div dir="ltr"> Cipher Suites Length:
44</div>
<div dir="ltr"> Cipher Suites (22
suites)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)</div>
<div dir="ltr"> Cipher Suite:
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)</div>
<div dir="ltr"> Cipher Suite:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)</div>
<div dir="ltr"> Cipher Suite:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)</div>
<div dir="ltr"> Cipher Suite:
TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)</div>
<div dir="ltr"> Cipher Suite:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)</div>
<div dir="ltr"> Cipher Suite:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)</div>
<div dir="ltr"> Cipher Suite:
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)</div>
<div dir="ltr"> Cipher Suite:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)</div>
<div dir="ltr"> Cipher Suite:
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)</div>
<div dir="ltr"> Cipher Suite:
TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)</div>
<div dir="ltr"> Compression Methods
Length: 1</div>
<div dir="ltr"> Compression Methods (1
method)</div>
<div dir="ltr"> Compression Method:
null (0)</div>
<div dir="ltr"> Extensions Length: 68</div>
<div dir="ltr"> Extension:
supported_groups (len=22)</div>
<div dir="ltr"> Type:
supported_groups (10)</div>
<div dir="ltr"> Length: 22</div>
<div dir="ltr"> Supported Groups
List Length: 20</div>
<div dir="ltr"> Supported Groups
(10 groups)</div>
<div dir="ltr"> Supported
Group: secp256r1 (0x0017)</div>
<div dir="ltr"> Supported
Group: secp384r1 (0x0018)</div>
<div dir="ltr"> Supported
Group: secp521r1 (0x0019)</div>
<div dir="ltr"> Supported
Group: sect283k1 (0x0009)</div>
<div dir="ltr"> Supported
Group: sect283r1 (0x000a)</div>
<div dir="ltr"> Supported
Group: sect409k1 (0x000b)</div>
<div dir="ltr"> Supported
Group: sect409r1 (0x000c)</div>
<div dir="ltr"> Supported
Group: sect571k1 (0x000d)</div>
<div dir="ltr"> Supported
Group: sect571r1 (0x000e)</div>
<div dir="ltr"> Supported
Group: secp256k1 (0x0016)</div>
<div dir="ltr"> Extension:
ec_point_formats (len=2)</div>
<div dir="ltr"> Type:
ec_point_formats (11)</div>
<div dir="ltr"> Length: 2</div>
<div dir="ltr"> EC point formats
Length: 1</div>
<div dir="ltr"> Elliptic curves
point formats (1)</div>
<div dir="ltr"> EC point
format: uncompressed (0)</div>
<div dir="ltr"> Extension:
signature_algorithms (len=28)</div>
<div dir="ltr"> Type:
signature_algorithms (13)</div>
<div dir="ltr"> Length: 28</div>
<div dir="ltr"> Signature Hash
Algorithms Length: 26</div>
<div dir="ltr"> Signature Hash
Algorithms (13 algorithms)</div>
<div dir="ltr"> Signature
Algorithm: ecdsa_secp521r1_sha512 (0x0603)</div>
<div dir="ltr"> Signature
Hash Algorithm Hash: SHA512 (6)</div>
<div dir="ltr"> Signature
Hash Algorithm Signature: ECDSA (3)</div>
<div dir="ltr"> Signature
Algorithm: rsa_pkcs1_sha512 (0x0601)</div>
<div dir="ltr"> Signature
Hash Algorithm Hash: SHA512 (6)</div>
<div dir="ltr"> Signature
Hash Algorithm Signature: RSA (1)</div>
<div dir="ltr"> Signature
Algorithm: ecdsa_secp384r1_sha384 (0x0503)</div>
<div dir="ltr"> Signature
Hash Algorithm Hash: SHA384 (5)</div>
<div dir="ltr"> Signature
Hash Algorithm Signature: ECDSA (3)</div>
<div dir="ltr"> Signature
Algorithm: rsa_pkcs1_sha384 (0x0501)</div>
<div dir="ltr"> Signature
Hash Algorithm Hash: SHA384 (5)</div>
<div dir="ltr"> Signature
Hash Algorithm Signature: RSA (1)</div>
<div dir="ltr"> Signature
Algorithm: ecdsa_secp256r1_sha256 (0x0403)</div>
<div dir="ltr"> Signature
Hash Algorithm Hash: SHA256 (4)</div>
<div dir="ltr"> Signature
Hash Algorithm Signature: ECDSA (3)</div>
<div dir="ltr"> Signature
Algorithm: rsa_pkcs1_sha256 (0x0401)</div>
<div dir="ltr"> Signature
Hash Algorithm Hash: SHA256 (4)</div>
<div dir="ltr"> Signature
Hash Algorithm Signature: RSA (1)</div>
<div dir="ltr"> Signature
Algorithm: SHA256 DSA (0x0402)</div>
<div dir="ltr"> Signature
Hash Algorithm Hash: SHA256 (4)</div>
<div dir="ltr"> Signature
Hash Algorithm Signature: DSA (2)</div>
<div dir="ltr"> Signature
Algorithm: SHA224 ECDSA (0x0303)</div>
<div dir="ltr"> Signature
Hash Algorithm Hash: SHA224 (3)</div>
<div dir="ltr"> Signature
Hash Algorithm Signature: ECDSA (3)</div>
<div dir="ltr"> Signature
Algorithm: SHA224 RSA (0x0301)</div>
<div dir="ltr"> Signature
Hash Algorithm Hash: SHA224 (3)</div>
<div dir="ltr"> Signature
Hash Algorithm Signature: RSA (1)</div>
<div dir="ltr"> Signature
Algorithm: SHA224 DSA (0x0302)</div>
<div dir="ltr"> Signature
Hash Algorithm Hash: SHA224 (3)</div>
<div dir="ltr"> Signature
Hash Algorithm Signature: DSA (2)</div>
<div dir="ltr"> Signature
Algorithm: ecdsa_sha1 (0x0203)</div>
<div dir="ltr"> Signature
Hash Algorithm Hash: SHA1 (2)</div>
<div dir="ltr"> Signature
Hash Algorithm Signature: ECDSA (3)</div>
<div dir="ltr"> Signature
Algorithm: rsa_pkcs1_sha1 (0x0201)</div>
<div dir="ltr"> Signature
Hash Algorithm Hash: SHA1 (2)</div>
<div dir="ltr"> Signature
Hash Algorithm Signature: RSA (1)</div>
<div dir="ltr"> Signature
Algorithm: SHA1 DSA (0x0202)</div>
<div dir="ltr"> Signature
Hash Algorithm Hash: SHA1 (2)</div>
<div dir="ltr"> Signature
Hash Algorithm Signature: DSA (2)</div>
<div dir="ltr"> Extension:
extended_master_secret (len=0)</div>
<div dir="ltr"> Type:
extended_master_secret (23)</div>
<div dir="ltr"> Length: 0</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Wireshark Java 11 TLS 1.2 Client hello</div>
<div>----------------------------------------------------</div>
<div>
<div>Secure Sockets Layer</div>
<div> TLSv1.2 Record Layer: Handshake
Protocol: Client Hello</div>
<div> Content Type: Handshake (22)</div>
<div> Version: TLS 1.2 (0x0303)</div>
<div> Length: 185</div>
<div> Handshake Protocol: Client Hello</div>
<div> Handshake Type: Client Hello
(1)</div>
<div> Length: 181</div>
<div> Version: TLS 1.2 (0x0303)</div>
<div> Random:
37f32691301b6b9d45bb62c6268915819881b8ebd95f152c...</div>
<div> GMT Unix Time: Sep 30, 1999
19:00:01.000000000 AUS Eastern Standard Time</div>
<div> Random Bytes:
301b6b9d45bb62c6268915819881b8ebd95f152c41c7e483...</div>
<div> Session ID Length: 0</div>
<div> Cipher Suites Length: 10</div>
<div> Cipher Suites (5 suites)</div>
<div> Cipher Suite:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
(0xc023)</div>
<div> Cipher Suite:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)</div>
<div> Cipher Suite:
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)</div>
<div> Cipher Suite:
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)</div>
<div> Cipher Suite:
TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)</div>
<div> Compression Methods Length: 1</div>
<div> Compression Methods (1 method)</div>
<div> Compression Method: null
(0)</div>
<div> Extensions Length: 130</div>
<div> Extension: supported_groups
(len=10)</div>
<div> Type: supported_groups (10)</div>
<div> Length: 10</div>
<div> Supported Groups List
Length: 8</div>
<div> Supported Groups (4 groups)</div>
<div> Supported Group:
secp256r1 (0x0017)</div>
<div> Supported Group:
secp384r1 (0x0018)</div>
<div> Supported Group:
secp521r1 (0x0019)</div>
<div> Supported Group:
secp160k1 (0x000f)</div>
<div> Extension: ec_point_formats
(len=2)</div>
<div> Type: ec_point_formats (11)</div>
<div> Length: 2</div>
<div> EC point formats Length: 1</div>
<div> Elliptic curves point
formats (1)</div>
<div> EC point format:
uncompressed (0)</div>
<div> Extension: signature_algorithms
(len=42)</div>
<div> Type: signature_algorithms
(13)</div>
<div> Length: 42</div>
<div> Signature Hash Algorithms
Length: 40</div>
<div> Signature Hash Algorithms
(20 algorithms)</div>
<div> Signature Algorithm:
ecdsa_secp256r1_sha256 (0x0403)</div>
<div> Signature Hash
Algorithm Hash: SHA256 (4)</div>
<div> Signature Hash
Algorithm Signature: ECDSA (3)</div>
<div> Signature Algorithm:
ecdsa_secp384r1_sha384 (0x0503)</div>
<div> Signature Hash
Algorithm Hash: SHA384 (5)</div>
<div> Signature Hash
Algorithm Signature: ECDSA (3)</div>
<div> Signature Algorithm:
ecdsa_secp521r1_sha512 (0x0603)</div>
<div> Signature Hash
Algorithm Hash: SHA512 (6)</div>
<div> Signature Hash
Algorithm Signature: ECDSA (3)</div>
<div> Signature Algorithm:
rsa_pss_rsae_sha256 (0x0804)</div>
<div> Signature Hash
Algorithm Hash: Unknown (8)</div>
<div> Signature Hash
Algorithm Signature: Unknown (4)</div>
<div> Signature Algorithm:
rsa_pss_rsae_sha384 (0x0805)</div>
<div> Signature Hash
Algorithm Hash: Unknown (8)</div>
<div> Signature Hash
Algorithm Signature: Unknown (5)</div>
<div> Signature Algorithm:
rsa_pss_rsae_sha512 (0x0806)</div>
<div> Signature Hash
Algorithm Hash: Unknown (8)</div>
<div> Signature Hash
Algorithm Signature: Unknown (6)</div>
<div> Signature Algorithm:
rsa_pss_pss_sha256 (0x0809)</div>
<div> Signature Hash
Algorithm Hash: Unknown (8)</div>
<div> Signature Hash
Algorithm Signature: Unknown (9)</div>
<div> Signature Algorithm:
rsa_pss_pss_sha384 (0x080a)</div>
<div> Signature Hash
Algorithm Hash: Unknown (8)</div>
<div> Signature Hash
Algorithm Signature: Unknown (10)</div>
<div> Signature Algorithm:
rsa_pss_pss_sha512 (0x080b)</div>
<div> Signature Hash
Algorithm Hash: Unknown (8)</div>
<div> Signature Hash
Algorithm Signature: Unknown (11)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha256 (0x0401)</div>
<div> Signature Hash
Algorithm Hash: SHA256 (4)</div>
<div> Signature Hash
Algorithm Signature: RSA (1)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha384 (0x0501)</div>
<div> Signature Hash
Algorithm Hash: SHA384 (5)</div>
<div> Signature Hash
Algorithm Signature: RSA (1)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha512 (0x0601)</div>
<div> Signature Hash
Algorithm Hash: SHA512 (6)</div>
<div> Signature Hash
Algorithm Signature: RSA (1)</div>
<div> Signature Algorithm:
SHA256 DSA (0x0402)</div>
<div> Signature Hash
Algorithm Hash: SHA256 (4)</div>
<div> Signature Hash
Algorithm Signature: DSA (2)</div>
<div> Signature Algorithm:
SHA224 ECDSA (0x0303)</div>
<div> Signature Hash
Algorithm Hash: SHA224 (3)</div>
<div> Signature Hash
Algorithm Signature: ECDSA (3)</div>
<div> Signature Algorithm:
SHA224 RSA (0x0301)</div>
<div> Signature Hash
Algorithm Hash: SHA224 (3)</div>
<div> Signature Hash
Algorithm Signature: RSA (1)</div>
<div> Signature Algorithm:
SHA224 DSA (0x0302)</div>
<div> Signature Hash
Algorithm Hash: SHA224 (3)</div>
<div> Signature Hash
Algorithm Signature: DSA (2)</div>
<div> Signature Algorithm:
ecdsa_sha1 (0x0203)</div>
<div> Signature Hash
Algorithm Hash: SHA1 (2)</div>
<div> Signature Hash
Algorithm Signature: ECDSA (3)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha1 (0x0201)</div>
<div> Signature Hash
Algorithm Hash: SHA1 (2)</div>
<div> Signature Hash
Algorithm Signature: RSA (1)</div>
<div> Signature Algorithm:
SHA1 DSA (0x0202)</div>
<div> Signature Hash
Algorithm Hash: SHA1 (2)</div>
<div> Signature Hash
Algorithm Signature: DSA (2)</div>
<div> Signature Algorithm:
MD5 RSA (0x0101)</div>
<div> Signature Hash
Algorithm Hash: MD5 (1)</div>
<div> Signature Hash
Algorithm Signature: RSA (1)</div>
<div> Extension:
signature_algorithms_cert (len=42)</div>
<div> Type:
signature_algorithms_cert (50)</div>
<div> Length: 42</div>
<div> Signature Hash Algorithms
Length: 40</div>
<div> Signature Hash Algorithms
(20 algorithms)</div>
<div> Signature Algorithm:
ecdsa_secp256r1_sha256 (0x0403)</div>
<div> Signature Hash
Algorithm Hash: SHA256 (4)</div>
<div> Signature Hash
Algorithm Signature: ECDSA (3)</div>
<div> Signature Algorithm:
ecdsa_secp384r1_sha384 (0x0503)</div>
<div> Signature Hash
Algorithm Hash: SHA384 (5)</div>
<div> Signature Hash
Algorithm Signature: ECDSA (3)</div>
<div> Signature Algorithm:
ecdsa_secp521r1_sha512 (0x0603)</div>
<div> Signature Hash
Algorithm Hash: SHA512 (6)</div>
<div> Signature Hash
Algorithm Signature: ECDSA (3)</div>
<div> Signature Algorithm:
rsa_pss_rsae_sha256 (0x0804)</div>
<div> Signature Hash
Algorithm Hash: Unknown (8)</div>
<div> Signature Hash
Algorithm Signature: Unknown (4)</div>
<div> Signature Algorithm:
rsa_pss_rsae_sha384 (0x0805)</div>
<div> Signature Hash
Algorithm Hash: Unknown (8)</div>
<div> Signature Hash
Algorithm Signature: Unknown (5)</div>
<div> Signature Algorithm:
rsa_pss_rsae_sha512 (0x0806)</div>
<div> Signature Hash
Algorithm Hash: Unknown (8)</div>
<div> Signature Hash
Algorithm Signature: Unknown (6)</div>
<div> Signature Algorithm:
rsa_pss_pss_sha256 (0x0809)</div>
<div> Signature Hash
Algorithm Hash: Unknown (8)</div>
<div> Signature Hash
Algorithm Signature: Unknown (9)</div>
<div> Signature Algorithm:
rsa_pss_pss_sha384 (0x080a)</div>
<div> Signature Hash
Algorithm Hash: Unknown (8)</div>
<div> Signature Hash
Algorithm Signature: Unknown (10)</div>
<div> Signature Algorithm:
rsa_pss_pss_sha512 (0x080b)</div>
<div> Signature Hash
Algorithm Hash: Unknown (8)</div>
<div> Signature Hash
Algorithm Signature: Unknown (11)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha256 (0x0401)</div>
<div> Signature Hash
Algorithm Hash: SHA256 (4)</div>
<div> Signature Hash
Algorithm Signature: RSA (1)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha384 (0x0501)</div>
<div> Signature Hash
Algorithm Hash: SHA384 (5)</div>
<div> Signature Hash
Algorithm Signature: RSA (1)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha512 (0x0601)</div>
<div> Signature Hash
Algorithm Hash: SHA512 (6)</div>
<div> Signature Hash
Algorithm Signature: RSA (1)</div>
<div> Signature Algorithm:
SHA256 DSA (0x0402)</div>
<div> Signature Hash
Algorithm Hash: SHA256 (4)</div>
<div> Signature Hash
Algorithm Signature: DSA (2)</div>
<div> Signature Algorithm:
SHA224 ECDSA (0x0303)</div>
<div> Signature Hash
Algorithm Hash: SHA224 (3)</div>
<div> Signature Hash
Algorithm Signature: ECDSA (3)</div>
<div> Signature Algorithm:
SHA224 RSA (0x0301)</div>
<div> Signature Hash
Algorithm Hash: SHA224 (3)</div>
<div> Signature Hash
Algorithm Signature: RSA (1)</div>
<div> Signature Algorithm:
SHA224 DSA (0x0302)</div>
<div> Signature Hash
Algorithm Hash: SHA224 (3)</div>
<div> Signature Hash
Algorithm Signature: DSA (2)</div>
<div> Signature Algorithm:
ecdsa_sha1 (0x0203)</div>
<div> Signature Hash
Algorithm Hash: SHA1 (2)</div>
<div> Signature Hash
Algorithm Signature: ECDSA (3)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha1 (0x0201)</div>
<div> Signature Hash
Algorithm Hash: SHA1 (2)</div>
<div> Signature Hash
Algorithm Signature: RSA (1)</div>
<div> Signature Algorithm:
SHA1 DSA (0x0202)</div>
<div> Signature Hash
Algorithm Hash: SHA1 (2)</div>
<div> Signature Hash
Algorithm Signature: DSA (2)</div>
<div> Signature Algorithm:
MD5 RSA (0x0101)</div>
<div> Signature Hash
Algorithm Hash: MD5 (1)</div>
<div> Signature Hash
Algorithm Signature: RSA (1)</div>
<div> Extension:
extended_master_secret (len=0)</div>
<div> Type:
extended_master_secret (23)</div>
<div> Length: 0</div>
<div> Extension: supported_versions
(len=5)</div>
<div> Type: supported_versions
(43)</div>
<div> Length: 5</div>
<div> Supported Versions length:
4</div>
<div> Supported Version: TLS 1.2
(0x0303)</div>
<div> Supported Version: TLS 1.1
(0x0302)</div>
<div> Extension: renegotiation_info
(len=1)</div>
<div> Type: renegotiation_info
(65281)</div>
<div> Length: 1</div>
<div> Renegotiation Info
extension</div>
<div> Renegotiation info
extension length: 0</div>
</div>
<div><br>
</div>
<br>
</div>
<div dir="ltr"><br>
</div>
<div dir="ltr"><br>
</div>
<div dir="ltr"><br>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Mon, Jan 21, 2019 at 10:37 AM Xuelei
Fan <<a href="mailto:xuelei.fan@oracle.com"
target="_blank" moz-do-not-send="true">xuelei.fan@oracle.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hi Amir,</p>
<p>Normally, the extension should have no impact if
it cannot be recognized by the server. It's good
to be able to disable extensions if not needed,
though I need to evaluate the priority of it.
Do you have a simple test code with which I can
reproduce the issue?</p>
<p>Thanks,</p>
<p>Xuelei<br>
</p>
<div
class="gmail-m_5594560675108067302gmail-m_-4755691366878045308moz-cite-prefix">On
1/20/2019 3:03 PM, Amir Khassaia wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Greetings Xuelei,
<div>To follow up on this, the certificate in
the connection is a red herring and not
important. It's actually a very unusual
behaviour by <a href="http://talk.google.com/"
target="_blank" moz-do-not-send="true">talk.google.com</a> endpoint
to encapsulate an error message inside a
certificate.</div>
<div><br>
</div>
<div>As per the output I included: </div>
<div>
<pre style="white-space:pre-wrap;color:rgb(0,0,0)"><i>"certificate" : {
</i>><i> "version" : "v3",
</i>><i> "serial number" : "00 90 76 89 18 E9 33 93 A0",
</i>><i> "signature algorithm": "SHA256withRSA",
</i>><i> "issuer" : "CN=invalid2.invalid, OU="No SNI provided;
</i>><i> please fix your client."",
</i>><i> "not before" : "2015-01-01 11:00:00.000 AEDT",
</i>><i> "not after" : "2030-01-01 11:00:00.000 AEDT",
</i>><i> "subject" : "CN=invalid2.invalid, OU="No SNI provided;
</i>><i> please fix your client."",</i></pre>
<pre style="white-space:pre-wrap;color:rgb(0,0,0)"><i>
</i></pre>
<pre style="white-space:pre-wrap;color:rgb(0,0,0)"><span style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;white-space:normal">This certificate simply masks the TLS interoperability issue as an untrusted certificate issue.</span></pre>
The fact is, some of the extensions sent by
JSSE are changes to TLS 1.2 to support TLS
1.3. This, however, affects some clients
adversely in practice, and usually the JDK provides
properties to turn new enhancements off and
work around such behaviour; for the extensions
I mentioned this is not provided, and hence
they are always sent for client sockets unless
TLSv1.2 is not in use. </div>
<div><br>
</div>
<div>The impact to us is that upgrading to JDK 11
means that, for some endpoints or devices that are
not 100% compliant with the spec, security is
reduced, as we now have to work around this by dropping
connections to these to TLSv1.1 or TLSv1.0, or
not move to Java 11 at all.</div>
<div>
<pre style="white-space:pre-wrap"><font face="Arial, Helvetica, sans-serif"><span style="white-space:normal">My request is simply to have all of the new extensions configurable on individual basis so that they can be turned off if needed for compatibility just like most other security enhancements that were delivered in the past.</span></font></pre>
It appears some of the issues can come from: <br>
<br>
- inclusion of the RSASSA-PSS algorithms in TLS 1.2
handshakes, but these can be disabled at least<br>
<br>
- the signature_algorithms_cert and
supported_versions extensions, which seem to be
hardcoded for TLS 1.2 (I was not able to
conclusively identify which of these caused my
troubles)<br>
<br>
<a
href="https://tools.ietf.org/html/rfc8446#section-1.3"
target="_blank" moz-do-not-send="true">https://tools.ietf.org/html/rfc8446#section-1.3</a> does
say that TLS 1.2 clients are affected, but in
an optional manner. Just today I've encountered
another Java 11 interop issue with TLS, but
this time with a physical device, which can
have a long shelf life, yet running a simple
client socket handshake abruptly terminates
the connection upon client hello (no
server_hello at all), and downgrading the JRE
below 11 works fine. I'm including a trace for
that as well:
<br>
at
java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)<br>
<br>
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)<br>
<br>
at
java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)<br>
<br>
at
java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)<br>
<br>
at
java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)<br>
<br>
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)<br>
<br>
at
SslSocketClient.main(SslSocketClient.kt:47)}<br>
<br>
<br>
)<br>
<br>
javax.net.ssl|DEBUG|01|main|2019-01-08
13:40:14.457
AEDT|SSLSocketImpl.java:1361|close the
underlying socket<br>
<br>
javax.net.ssl|DEBUG|01|main|2019-01-08
13:40:14.457
AEDT|SSLSocketImpl.java:1380|close the SSL
connection (initiative)<br>
<br>
Exception in thread "main"
javax.net.ssl.SSLHandshakeException: Received
fatal alert: handshake_failure<br>
<br>
at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)<br>
<br>
at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)<br>
<br>
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)<br>
<br>
at
java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)<br>
<br>
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)<br>
<br>
at
java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)<br>
<br>
at
java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)<br>
<br>
at
java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)<br>
<br>
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)<br>
<br>
at
SslSocketClient.main(SslSocketClient.kt:47)</div>
<div><br>
</div>
<div><br>
<br>
<br>
I've sent my reply earlier but neither got it
posted nor denied notification so trying
again.</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
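<p>The javax.net.ssl debug output quoted above is the usual triage material when a peer rejects a JDK ClientHello: what the client offered (supported_versions, cipher suites), the fatal alert that came back, and whether any ServerHello was seen in between. As an added example that is not part of this thread or of the JDK, the Python script below parses records in that log format and reduces them to those three facts; the sample log is constructed from the format above, and the "Consuming ServerHello" message text it matches is assumed from the JDK's own logging.</p>

```python
import re
# Constructed sample in the JDK 11 javax.net.ssl debug format quoted above (header line, then printed body).
SAMPLE_LOG = """\
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.453 AEDT|ClientHello.java:651|Produced ClientHello handshake message (
"ClientHello": {
  "cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F)]",
  "supported_groups (10)": {
    "versions": [secp256r1, secp384r1]
  },
  "supported_versions (43)": {
    "versions": [TLSv1.2, TLSv1.1]
  }
}
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.455 AEDT|Alert.java:232|Received alert message (
"Alert": {
  "level" : "fatal",
  "description": "handshake_failure"
}
"""
HEADER_RE = re.compile(r"^javax\.net\.ssl\|(?P<level>\w+)\|[^|]*\|[^|]*\|(?P<ts>[^|]*)\|(?P<src>[^|]*)\|(?P<msg>.*)$")
# supported_groups (10) is also printed with a "versions" key, so anchor on the extension name.
VERSIONS_RE = re.compile(r'"supported_versions \(43\)":\s*\{\s*"versions":\s*\[([^\]]*)\]')
FATAL_RE = re.compile(r'"level"\s*:\s*"fatal".*?"description"\s*:\s*"(\w+)"', re.S)

def parse_records(text):
    """Group the log into records: one header line plus the body lines that follow it."""
    records = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            records.append({**m.groupdict(), "body": []})
        elif records:
            records[-1]["body"].append(line.strip())
    return records

def summarize_handshake(text):
    """Offered versions and suites, the fatal alert, and whether a ServerHello ever arrived (fatal alert + no ServerHello = rejected outright)."""
    s = {"client_versions": [], "cipher_suites": [], "fatal_alert": None, "server_hello": False}
    for r in parse_records(text):
        body = "\n".join(r["body"])
        if "Produced ClientHello" in r["msg"]:
            m = VERSIONS_RE.search(body)
            s["client_versions"] = [v.strip() for v in m.group(1).split(",")] if m else []
            s["cipher_suites"] = re.findall(r"(TLS_[A-Z0-9_]+)\(", body)
        elif "Consuming ServerHello" in r["msg"]:  # wording assumed from the JDK's ServerHello logging
            s["server_hello"] = True
        elif "Received alert message" in r["msg"] and (m := FATAL_RE.search(body)):
            s["fatal_alert"] = m.group(1)
    s["rejected_before_server_hello"] = s["fatal_alert"] is not None and not s["server_hello"]
    return s
```

Run it over a full `-Djavax.net.debug=ssl:handshake` capture to see at a glance whether the failure is a rejected ClientHello (as in this thread) or something later in the handshake.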
</body>
</html>