<div dir="ltr"><div dir="ltr">Thanks Xuelei,<div>Do you mean to create an RFE at openjdk <a href="https://bugs.openjdk.java.net/">https://bugs.openjdk.java.net/</a> ?</div><div><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Jan 22, 2019 at 5:02 AM Xuelei Fan <<a href="mailto:xuelei.fan@oracle.com">xuelei.fan@oracle.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hi Amir,</p>
<p>I can see the problem for incompatible impl. Would you mind
submit an OpenJDK enhancement for a workaround?<br>
</p>
<p>Thanks & Regards,</p>
<p>Xuelei<br>
</p>
<div class="gmail-m_5594560675108067302moz-cite-prefix">On 1/20/2019 4:10 PM, Amir Khassaia
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>Xuelei,</div>
<div><br>
</div>
<div dir="ltr">I have a sample socket client for the device
TLS issue but its not very helpful as any socket client
created on top of JDK will do, the last problem was
apparent only when talking to a specific hardware device
which refused to negotiate TLS session (I've seen several
odd TLS implementations that were intolerant to Java
changes in various ways over the years and compatibility
could always be assured through config changes, this time
around less so).</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">Some of the hardware TLS stacks can range
from small oddities to being completely broken by small
changes as they can contain outdated and poorly
implemented TLS stacks that are very sensitive so even a
small change can break them and thats why its always
important to have levers provided to control almost every
aspect of the handshake.<br>
<div><br>
</div>
<div>I have a sample in my gist (<a href="https://gist.github.com/amir-khassaia/04347ca88526f4b958b3326968a905c0" target="_blank">https://gist.github.com/amir-khassaia/04347ca88526f4b958b3326968a905c0</a>),
apologies its in Kotlin. When ran with java 8, 9, 10
there were no issues. With java 11 this worked on most
devices but I've had a device at a remote location that
was not in my control that I've had to diagnose the
handshake failure on using java 11 it was intolerant to
TLS 1.2 client hello from Java 11 but fine with TLS 1.1
as the new extensions are not present. It would be fine
with TLS 1.2 client hello from Java 10 and earlier as I
mentioned.</div>
<div><br>
</div>
<div>Javax.net.debug output</div>
<div>-------------------------------</div>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.395
AEDT|SSLCipher.java:437|jdk.tls.keyLimits: entry =
AES/GCM/NoPadding KeyUpdate 2^37.
AES/GCM/NOPADDING:KEYUPDATE = 137438953472<br>
javax.net.ssl|WARNING|01|main|2019-01-08 13:40:14.433
AEDT|ServerNameExtension.java:255|Unable to indicate
server name<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.433
AEDT|SSLExtensions.java:235|Ignore, context unavailable
extension: server_name<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.433
AEDT|SSLExtensions.java:235|Ignore, context unavailable
extension: status_request<br>
javax.net.ssl|WARNING|01|main|2019-01-08 13:40:14.443
AEDT|SignatureScheme.java:282|Signature algorithm,
ed25519, is not supported by the underlying providers<br>
javax.net.ssl|WARNING|01|main|2019-01-08 13:40:14.444
AEDT|SignatureScheme.java:282|Signature algorithm, ed448,
is not supported by the underlying providers<br>
javax.net.ssl|INFO|01|main|2019-01-08 13:40:14.449
AEDT|AlpnExtension.java:161|No available application
protocols<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.449
AEDT|SSLExtensions.java:235|Ignore, context unavailable
extension: application_layer_protocol_negotiation<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.450
AEDT|SSLExtensions.java:235|Ignore, context unavailable
extension: status_request_v2<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.453
AEDT|ClientHello.java:651|Produced ClientHello handshake
message (<br>
"ClientHello": {<br>
"client version" : "TLSv1.2",<br>
"random" : "1A BA E8 FC 59 00 AB DF 9A 1A
07 94 24 7F 34 3D 0B D2 7D 10 72 52 54 CD 44 43 62 E8 8B
42 C6 68",<br>
"session id" : "",<br>
"cipher suites" :
"[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C),
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029),
TLS_RSA_WITH_AES_128_CBC_SHA(0x002F)]",<br>
"compression methods" : "00",<br>
"extensions" : [<br>
"supported_groups (10)": {<br>
"versions": [secp256r1, secp384r1, secp521r1,
secp160k1]<br>
},<br>
"ec_point_formats (11)": {<br>
"formats": [uncompressed]<br>
},<br>
"signature_algorithms (13)": {<br>
"signature schemes": [ecdsa_secp256r1_sha256,
ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512,
rsa_pss_rsae_sha256, rsa_pss_rsae_sha384,
rsa_pss_rsae_sha512, rsa_pss_pss_sha256,
rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256,
rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256,
ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1,
rsa_pkcs1_sha1, dsa_sha1, rsa_md5]<br>
},<br>
"signature_algorithms_cert (50)": {<br>
"signature schemes": [ecdsa_secp256r1_sha256,
ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512,
rsa_pss_rsae_sha256, rsa_pss_rsae_sha384,
rsa_pss_rsae_sha512, rsa_pss_pss_sha256,
rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256,
rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256,
ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1,
rsa_pkcs1_sha1, dsa_sha1, rsa_md5]<br>
},<br>
"extended_master_secret (23)": {<br>
<empty><br>
},<br>
"supported_versions (43)": {<br>
"versions": [TLSv1.2, TLSv1.1]<br>
},<br>
"renegotiation_info (65,281)": {<br>
"renegotiated connection": [<no renegotiated
connection>]<br>
}<br>
]<br>
}<br>
)<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.455
AEDT|Alert.java:232|Received alert message (<br>
"Alert": {<br>
"level" : "fatal",<br>
"description": "handshake_failure"<br>
}<br>
)<br>
javax.net.ssl|ERROR|01|main|2019-01-08 13:40:14.456
AEDT|TransportContext.java:313|Fatal (HANDSHAKE_FAILURE):
Received fatal alert: handshake_failure (<br>
"throwable" : {<br>
javax.net.ssl.SSLHandshakeException: Received fatal
alert: handshake_failure<br>
at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)<br>
at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)<br>
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)<br>
at
java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)<br>
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)<br>
at
java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)<br>
at
java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)<br>
at
java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)<br>
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)<br>
at SslSocketClient.main(SslSocketClient.kt:47)}<br>
<br>
)<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.457
AEDT|SSLSocketImpl.java:1361|close the underlying socket<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.457
AEDT|SSLSocketImpl.java:1380|close the SSL connection
(initiative)<br>
Exception in thread "main"
javax.net.ssl.SSLHandshakeException: Received fatal alert:
handshake_failure<br>
at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)<br>
at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)<br>
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)<br>
at
java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)<br>
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)<br>
at
java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)<br>
at
java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)<br>
at
java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)<br>
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)<br>
at SslSocketClient.main(SslSocketClient.kt:47)<br>
<br>
<br>
<br>
<br>
Wireshark TLS 1.2 Java 8 client hello</div>
<div dir="ltr">-------------------------------------------------</div>
<div dir="ltr">
<div dir="ltr">Secure Sockets Layer</div>
<div dir="ltr"> TLSv1.2 Record Layer: Handshake
Protocol: Client Hello</div>
<div dir="ltr"> Content Type: Handshake (22)</div>
<div dir="ltr"> Version: TLS 1.2 (0x0303)</div>
<div dir="ltr"> Length: 157</div>
<div dir="ltr"> Handshake Protocol: Client Hello</div>
<div dir="ltr"> Handshake Type: Client Hello
(1)</div>
<div dir="ltr"> Length: 153</div>
<div dir="ltr"> Version: TLS 1.2 (0x0303)</div>
<div dir="ltr"> Random:
5c34044c709feae39585e4db8e41b0170fbf9fa428b38941...</div>
<div dir="ltr"> GMT Unix Time: Jan 8, 2019
13:00:44.000000000 AUS Eastern Daylight Time</div>
<div dir="ltr"> Random Bytes:
709feae39585e4db8e41b0170fbf9fa428b38941983ddb53...</div>
<div dir="ltr"> Session ID Length: 0</div>
<div dir="ltr"> Cipher Suites Length: 44</div>
<div dir="ltr"> Cipher Suites (22 suites)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)</div>
<div dir="ltr"> Cipher Suite:
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)</div>
<div dir="ltr"> Cipher Suite:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)</div>
<div dir="ltr"> Cipher Suite:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)</div>
<div dir="ltr"> Cipher Suite:
TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)</div>
<div dir="ltr"> Cipher Suite:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)</div>
<div dir="ltr"> Cipher Suite:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)</div>
<div dir="ltr"> Cipher Suite:
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)</div>
<div dir="ltr"> Cipher Suite:
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)</div>
<div dir="ltr"> Cipher Suite:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)</div>
<div dir="ltr"> Cipher Suite:
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)</div>
<div dir="ltr"> Cipher Suite:
TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)</div>
<div dir="ltr"> Compression Methods Length: 1</div>
<div dir="ltr"> Compression Methods (1 method)</div>
<div dir="ltr"> Compression Method: null
(0)</div>
<div dir="ltr"> Extensions Length: 68</div>
<div dir="ltr"> Extension: supported_groups
(len=22)</div>
<div dir="ltr"> Type: supported_groups (10)</div>
<div dir="ltr"> Length: 22</div>
<div dir="ltr"> Supported Groups List
Length: 20</div>
<div dir="ltr"> Supported Groups (10
groups)</div>
<div dir="ltr"> Supported Group:
secp256r1 (0x0017)</div>
<div dir="ltr"> Supported Group:
secp384r1 (0x0018)</div>
<div dir="ltr"> Supported Group:
secp521r1 (0x0019)</div>
<div dir="ltr"> Supported Group:
sect283k1 (0x0009)</div>
<div dir="ltr"> Supported Group:
sect283r1 (0x000a)</div>
<div dir="ltr"> Supported Group:
sect409k1 (0x000b)</div>
<div dir="ltr"> Supported Group:
sect409r1 (0x000c)</div>
<div dir="ltr"> Supported Group:
sect571k1 (0x000d)</div>
<div dir="ltr"> Supported Group:
sect571r1 (0x000e)</div>
<div dir="ltr"> Supported Group:
secp256k1 (0x0016)</div>
<div dir="ltr"> Extension: ec_point_formats
(len=2)</div>
<div dir="ltr"> Type: ec_point_formats (11)</div>
<div dir="ltr"> Length: 2</div>
<div dir="ltr"> EC point formats Length: 1</div>
<div dir="ltr"> Elliptic curves point
formats (1)</div>
<div dir="ltr"> EC point format:
uncompressed (0)</div>
<div dir="ltr"> Extension: signature_algorithms
(len=28)</div>
<div dir="ltr"> Type: signature_algorithms
(13)</div>
<div dir="ltr"> Length: 28</div>
<div dir="ltr"> Signature Hash Algorithms
Length: 26</div>
<div dir="ltr"> Signature Hash Algorithms
(13 algorithms)</div>
<div dir="ltr"> Signature Algorithm:
ecdsa_secp521r1_sha512 (0x0603)</div>
<div dir="ltr"> Signature Hash
Algorithm Hash: SHA512 (6)</div>
<div dir="ltr"> Signature Hash
Algorithm Signature: ECDSA (3)</div>
<div dir="ltr"> Signature Algorithm:
rsa_pkcs1_sha512 (0x0601)</div>
<div dir="ltr"> Signature Hash
Algorithm Hash: SHA512 (6)</div>
<div dir="ltr"> Signature Hash
Algorithm Signature: RSA (1)</div>
<div dir="ltr"> Signature Algorithm:
ecdsa_secp384r1_sha384 (0x0503)</div>
<div dir="ltr"> Signature Hash
Algorithm Hash: SHA384 (5)</div>
<div dir="ltr"> Signature Hash
Algorithm Signature: ECDSA (3)</div>
<div dir="ltr"> Signature Algorithm:
rsa_pkcs1_sha384 (0x0501)</div>
<div dir="ltr"> Signature Hash
Algorithm Hash: SHA384 (5)</div>
<div dir="ltr"> Signature Hash
Algorithm Signature: RSA (1)</div>
<div dir="ltr"> Signature Algorithm:
ecdsa_secp256r1_sha256 (0x0403)</div>
<div dir="ltr"> Signature Hash
Algorithm Hash: SHA256 (4)</div>
<div dir="ltr"> Signature Hash
Algorithm Signature: ECDSA (3)</div>
<div dir="ltr"> Signature Algorithm:
rsa_pkcs1_sha256 (0x0401)</div>
<div dir="ltr"> Signature Hash
Algorithm Hash: SHA256 (4)</div>
<div dir="ltr"> Signature Hash
Algorithm Signature: RSA (1)</div>
<div dir="ltr"> Signature Algorithm:
SHA256 DSA (0x0402)</div>
<div dir="ltr"> Signature Hash
Algorithm Hash: SHA256 (4)</div>
<div dir="ltr"> Signature Hash
Algorithm Signature: DSA (2)</div>
<div dir="ltr"> Signature Algorithm:
SHA224 ECDSA (0x0303)</div>
<div dir="ltr"> Signature Hash
Algorithm Hash: SHA224 (3)</div>
<div dir="ltr"> Signature Hash
Algorithm Signature: ECDSA (3)</div>
<div dir="ltr"> Signature Algorithm:
SHA224 RSA (0x0301)</div>
<div dir="ltr"> Signature Hash
Algorithm Hash: SHA224 (3)</div>
<div dir="ltr"> Signature Hash
Algorithm Signature: RSA (1)</div>
<div dir="ltr"> Signature Algorithm:
SHA224 DSA (0x0302)</div>
<div dir="ltr"> Signature Hash
Algorithm Hash: SHA224 (3)</div>
<div dir="ltr"> Signature Hash
Algorithm Signature: DSA (2)</div>
<div dir="ltr"> Signature Algorithm:
ecdsa_sha1 (0x0203)</div>
<div dir="ltr"> Signature Hash
Algorithm Hash: SHA1 (2)</div>
<div dir="ltr"> Signature Hash
Algorithm Signature: ECDSA (3)</div>
<div dir="ltr"> Signature Algorithm:
rsa_pkcs1_sha1 (0x0201)</div>
<div dir="ltr"> Signature Hash
Algorithm Hash: SHA1 (2)</div>
<div dir="ltr"> Signature Hash
Algorithm Signature: RSA (1)</div>
<div dir="ltr"> Signature Algorithm:
SHA1 DSA (0x0202)</div>
<div dir="ltr"> Signature Hash
Algorithm Hash: SHA1 (2)</div>
<div dir="ltr"> Signature Hash
Algorithm Signature: DSA (2)</div>
<div dir="ltr"> Extension:
extended_master_secret (len=0)</div>
<div dir="ltr"> Type:
extended_master_secret (23)</div>
<div dir="ltr"> Length: 0</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Wireshark Java 11 TLS 1.2 Client hello</div>
<div>----------------------------------------------------</div>
<div>
<div>Secure Sockets Layer</div>
<div> TLSv1.2 Record Layer: Handshake Protocol:
Client Hello</div>
<div> Content Type: Handshake (22)</div>
<div> Version: TLS 1.2 (0x0303)</div>
<div> Length: 185</div>
<div> Handshake Protocol: Client Hello</div>
<div> Handshake Type: Client Hello (1)</div>
<div> Length: 181</div>
<div> Version: TLS 1.2 (0x0303)</div>
<div> Random:
37f32691301b6b9d45bb62c6268915819881b8ebd95f152c...</div>
<div> GMT Unix Time: Sep 30, 1999
19:00:01.000000000 AUS Eastern Standard Time</div>
<div> Random Bytes:
301b6b9d45bb62c6268915819881b8ebd95f152c41c7e483...</div>
<div> Session ID Length: 0</div>
<div> Cipher Suites Length: 10</div>
<div> Cipher Suites (5 suites)</div>
<div> Cipher Suite:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)</div>
<div> Cipher Suite:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)</div>
<div> Cipher Suite:
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)</div>
<div> Cipher Suite:
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)</div>
<div> Cipher Suite:
TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)</div>
<div> Compression Methods Length: 1</div>
<div> Compression Methods (1 method)</div>
<div> Compression Method: null (0)</div>
<div> Extensions Length: 130</div>
<div> Extension: supported_groups (len=10)</div>
<div> Type: supported_groups (10)</div>
<div> Length: 10</div>
<div> Supported Groups List Length: 8</div>
<div> Supported Groups (4 groups)</div>
<div> Supported Group: secp256r1
(0x0017)</div>
<div> Supported Group: secp384r1
(0x0018)</div>
<div> Supported Group: secp521r1
(0x0019)</div>
<div> Supported Group: secp160k1
(0x000f)</div>
<div> Extension: ec_point_formats (len=2)</div>
<div> Type: ec_point_formats (11)</div>
<div> Length: 2</div>
<div> EC point formats Length: 1</div>
<div> Elliptic curves point formats (1)</div>
<div> EC point format: uncompressed
(0)</div>
<div> Extension: signature_algorithms
(len=42)</div>
<div> Type: signature_algorithms (13)</div>
<div> Length: 42</div>
<div> Signature Hash Algorithms Length:
40</div>
<div> Signature Hash Algorithms (20
algorithms)</div>
<div> Signature Algorithm:
ecdsa_secp256r1_sha256 (0x0403)</div>
<div> Signature Hash Algorithm
Hash: SHA256 (4)</div>
<div> Signature Hash Algorithm
Signature: ECDSA (3)</div>
<div> Signature Algorithm:
ecdsa_secp384r1_sha384 (0x0503)</div>
<div> Signature Hash Algorithm
Hash: SHA384 (5)</div>
<div> Signature Hash Algorithm
Signature: ECDSA (3)</div>
<div> Signature Algorithm:
ecdsa_secp521r1_sha512 (0x0603)</div>
<div> Signature Hash Algorithm
Hash: SHA512 (6)</div>
<div> Signature Hash Algorithm
Signature: ECDSA (3)</div>
<div> Signature Algorithm:
rsa_pss_rsae_sha256 (0x0804)</div>
<div> Signature Hash Algorithm
Hash: Unknown (8)</div>
<div> Signature Hash Algorithm
Signature: Unknown (4)</div>
<div> Signature Algorithm:
rsa_pss_rsae_sha384 (0x0805)</div>
<div> Signature Hash Algorithm
Hash: Unknown (8)</div>
<div> Signature Hash Algorithm
Signature: Unknown (5)</div>
<div> Signature Algorithm:
rsa_pss_rsae_sha512 (0x0806)</div>
<div> Signature Hash Algorithm
Hash: Unknown (8)</div>
<div> Signature Hash Algorithm
Signature: Unknown (6)</div>
<div> Signature Algorithm:
rsa_pss_pss_sha256 (0x0809)</div>
<div> Signature Hash Algorithm
Hash: Unknown (8)</div>
<div> Signature Hash Algorithm
Signature: Unknown (9)</div>
<div> Signature Algorithm:
rsa_pss_pss_sha384 (0x080a)</div>
<div> Signature Hash Algorithm
Hash: Unknown (8)</div>
<div> Signature Hash Algorithm
Signature: Unknown (10)</div>
<div> Signature Algorithm:
rsa_pss_pss_sha512 (0x080b)</div>
<div> Signature Hash Algorithm
Hash: Unknown (8)</div>
<div> Signature Hash Algorithm
Signature: Unknown (11)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha256 (0x0401)</div>
<div> Signature Hash Algorithm
Hash: SHA256 (4)</div>
<div> Signature Hash Algorithm
Signature: RSA (1)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha384 (0x0501)</div>
<div> Signature Hash Algorithm
Hash: SHA384 (5)</div>
<div> Signature Hash Algorithm
Signature: RSA (1)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha512 (0x0601)</div>
<div> Signature Hash Algorithm
Hash: SHA512 (6)</div>
<div> Signature Hash Algorithm
Signature: RSA (1)</div>
<div> Signature Algorithm: SHA256 DSA
(0x0402)</div>
<div> Signature Hash Algorithm
Hash: SHA256 (4)</div>
<div> Signature Hash Algorithm
Signature: DSA (2)</div>
<div> Signature Algorithm: SHA224
ECDSA (0x0303)</div>
<div> Signature Hash Algorithm
Hash: SHA224 (3)</div>
<div> Signature Hash Algorithm
Signature: ECDSA (3)</div>
<div> Signature Algorithm: SHA224 RSA
(0x0301)</div>
<div> Signature Hash Algorithm
Hash: SHA224 (3)</div>
<div> Signature Hash Algorithm
Signature: RSA (1)</div>
<div> Signature Algorithm: SHA224 DSA
(0x0302)</div>
<div> Signature Hash Algorithm
Hash: SHA224 (3)</div>
<div> Signature Hash Algorithm
Signature: DSA (2)</div>
<div> Signature Algorithm: ecdsa_sha1
(0x0203)</div>
<div> Signature Hash Algorithm
Hash: SHA1 (2)</div>
<div> Signature Hash Algorithm
Signature: ECDSA (3)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha1 (0x0201)</div>
<div> Signature Hash Algorithm
Hash: SHA1 (2)</div>
<div> Signature Hash Algorithm
Signature: RSA (1)</div>
<div> Signature Algorithm: SHA1 DSA
(0x0202)</div>
<div> Signature Hash Algorithm
Hash: SHA1 (2)</div>
<div> Signature Hash Algorithm
Signature: DSA (2)</div>
<div> Signature Algorithm: MD5 RSA
(0x0101)</div>
<div> Signature Hash Algorithm
Hash: MD5 (1)</div>
<div> Signature Hash Algorithm
Signature: RSA (1)</div>
<div> Extension: signature_algorithms_cert
(len=42)</div>
<div> Type: signature_algorithms_cert
(50)</div>
<div> Length: 42</div>
<div> Signature Hash Algorithms Length:
40</div>
<div> Signature Hash Algorithms (20
algorithms)</div>
<div> Signature Algorithm:
ecdsa_secp256r1_sha256 (0x0403)</div>
<div> Signature Hash Algorithm
Hash: SHA256 (4)</div>
<div> Signature Hash Algorithm
Signature: ECDSA (3)</div>
<div> Signature Algorithm:
ecdsa_secp384r1_sha384 (0x0503)</div>
<div> Signature Hash Algorithm
Hash: SHA384 (5)</div>
<div> Signature Hash Algorithm
Signature: ECDSA (3)</div>
<div> Signature Algorithm:
ecdsa_secp521r1_sha512 (0x0603)</div>
<div> Signature Hash Algorithm
Hash: SHA512 (6)</div>
<div> Signature Hash Algorithm
Signature: ECDSA (3)</div>
<div> Signature Algorithm:
rsa_pss_rsae_sha256 (0x0804)</div>
<div> Signature Hash Algorithm
Hash: Unknown (8)</div>
<div> Signature Hash Algorithm
Signature: Unknown (4)</div>
<div> Signature Algorithm:
rsa_pss_rsae_sha384 (0x0805)</div>
<div> Signature Hash Algorithm
Hash: Unknown (8)</div>
<div> Signature Hash Algorithm
Signature: Unknown (5)</div>
<div> Signature Algorithm:
rsa_pss_rsae_sha512 (0x0806)</div>
<div> Signature Hash Algorithm
Hash: Unknown (8)</div>
<div> Signature Hash Algorithm
Signature: Unknown (6)</div>
<div> Signature Algorithm:
rsa_pss_pss_sha256 (0x0809)</div>
<div> Signature Hash Algorithm
Hash: Unknown (8)</div>
<div> Signature Hash Algorithm
Signature: Unknown (9)</div>
<div> Signature Algorithm:
rsa_pss_pss_sha384 (0x080a)</div>
<div> Signature Hash Algorithm
Hash: Unknown (8)</div>
<div> Signature Hash Algorithm
Signature: Unknown (10)</div>
<div> Signature Algorithm:
rsa_pss_pss_sha512 (0x080b)</div>
<div> Signature Hash Algorithm
Hash: Unknown (8)</div>
<div> Signature Hash Algorithm
Signature: Unknown (11)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha256 (0x0401)</div>
<div> Signature Hash Algorithm
Hash: SHA256 (4)</div>
<div> Signature Hash Algorithm
Signature: RSA (1)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha384 (0x0501)</div>
<div> Signature Hash Algorithm
Hash: SHA384 (5)</div>
<div> Signature Hash Algorithm
Signature: RSA (1)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha512 (0x0601)</div>
<div> Signature Hash Algorithm
Hash: SHA512 (6)</div>
<div> Signature Hash Algorithm
Signature: RSA (1)</div>
<div> Signature Algorithm: SHA256 DSA
(0x0402)</div>
<div> Signature Hash Algorithm
Hash: SHA256 (4)</div>
<div> Signature Hash Algorithm
Signature: DSA (2)</div>
<div> Signature Algorithm: SHA224
ECDSA (0x0303)</div>
<div> Signature Hash Algorithm
Hash: SHA224 (3)</div>
<div> Signature Hash Algorithm
Signature: ECDSA (3)</div>
<div> Signature Algorithm: SHA224 RSA
(0x0301)</div>
<div> Signature Hash Algorithm
Hash: SHA224 (3)</div>
<div> Signature Hash Algorithm
Signature: RSA (1)</div>
<div> Signature Algorithm: SHA224 DSA
(0x0302)</div>
<div> Signature Hash Algorithm
Hash: SHA224 (3)</div>
<div> Signature Hash Algorithm
Signature: DSA (2)</div>
<div> Signature Algorithm: ecdsa_sha1
(0x0203)</div>
<div> Signature Hash Algorithm
Hash: SHA1 (2)</div>
<div> Signature Hash Algorithm
Signature: ECDSA (3)</div>
<div> Signature Algorithm:
rsa_pkcs1_sha1 (0x0201)</div>
<div> Signature Hash Algorithm
Hash: SHA1 (2)</div>
<div> Signature Hash Algorithm
Signature: RSA (1)</div>
<div> Signature Algorithm: SHA1 DSA
(0x0202)</div>
<div> Signature Hash Algorithm
Hash: SHA1 (2)</div>
<div> Signature Hash Algorithm
Signature: DSA (2)</div>
<div> Signature Algorithm: MD5 RSA
(0x0101)</div>
<div> Signature Hash Algorithm
Hash: MD5 (1)</div>
<div> Signature Hash Algorithm
Signature: RSA (1)</div>
<div> Extension: extended_master_secret
(len=0)</div>
<div> Type: extended_master_secret (23)</div>
<div> Length: 0</div>
<div> Extension: supported_versions (len=5)</div>
<div> Type: supported_versions (43)</div>
<div> Length: 5</div>
<div> Supported Versions length: 4</div>
<div> Supported Version: TLS 1.2 (0x0303)</div>
<div> Supported Version: TLS 1.1 (0x0302)</div>
<div> Extension: renegotiation_info (len=1)</div>
<div> Type: renegotiation_info (65281)</div>
<div> Length: 1</div>
<div> Renegotiation Info extension</div>
<div> Renegotiation info extension
length: 0</div>
</div>
<div><br>
</div>
<br>
</div>
<div dir="ltr"><br>
</div>
<div dir="ltr"><br>
</div>
<div dir="ltr"><br>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Mon, Jan 21, 2019 at 10:37 AM Xuelei Fan <<a href="mailto:xuelei.fan@oracle.com" target="_blank">xuelei.fan@oracle.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hi Amir,</p>
<p>Normally, the extension should have no impact if it
cannot be recognized by the server. It's good to be able
to disable extensions if not needed. I need to evaluate
the priority of it although. Did you have a simple test
code that I can reproduce the issue?</p>
<p>Thanks,</p>
<p>Xuelei<br>
</p>
<div class="gmail-m_5594560675108067302gmail-m_-4755691366878045308moz-cite-prefix">On
1/20/2019 3:03 PM, Amir Khassaia wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Greetings Xuelei,
<div>To follow up on this, the certificate in the
connection is a red herring and not important. It's
actually a very unusual behaviour by <a href="http://talk.google.com/" target="_blank">talk.google.com</a> endpoint
to encapsulate an error message inside a certificate.</div>
<div><br>
</div>
<div>As per the output I included: </div>
<div>
<pre style="white-space:pre-wrap;color:rgb(0,0,0)"><i>"certificate" : {
</i>><i> "version" : "v3",
</i>><i> "serial number" : "00 90 76 89 18 E9 33 93 A0",
</i>><i> "signature algorithm": "SHA256withRSA",
</i>><i> "issuer" : "CN=invalid2.invalid, OU="No SNI provided;
</i>><i> please fix your client."",
</i>><i> "not before" : "2015-01-01 11:00:00.000 AEDT",
</i>><i> "not after" : "2030-01-01 11:00:00.000 AEDT",
</i>><i> "subject" : "CN=invalid2.invalid, OU="No SNI provided;
</i>><i> please fix your client."",</i></pre>
<pre style="white-space:pre-wrap;color:rgb(0,0,0)"><i>
</i></pre>
<pre style="white-space:pre-wrap;color:rgb(0,0,0)"><span style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;white-space:normal">This certificate simply masks the TLS interoperability issue as an untrusted certificate issue.</span></pre>
The fact is, some of the extensions sent by JSSE are
changes to TLS 1.2 to support TLS 1.3, this however
affects some clients adversely in practice and usually
JDK provides properties to turn new enhancements off
and work around such behaviour, for the extensions I
mentioned this is not provided and hence they are
always sent for client sockets unless TLSv1.2 is not
in use. </div>
<div><br>
</div>
<div>The impact to us is that upgrading to JDK11 means
for some endpoints or devices that are not 100%
compliant to the spec the security is reduced as we
have to now work around to drop connections to these
to TLSv1.1 or TLS1.0 or not to move to Java 11 at all.</div>
<div>
<pre style="white-space:pre-wrap"><font face="Arial, Helvetica, sans-serif"><span style="white-space:normal">My request is simply to have all of the new extensions configurable on individual basis so that they can be turned off if needed for compatibility just like most other security enhancements that were delivered in the past.</span></font></pre>
It appears some of the issues can come from <br>
<br>
- inclusion of RSASSA-PSS alg in TLS 1.2 handshakes
but these can disabled at least<br>
<br>
-signature_algorithms_cert and supported_versions
extensions which seem to be hardcoded for TLS 1.2 (I
was not able to conclusively identify which of these
caused my troubles)<br>
<br>
<a href="https://tools.ietf.org/html/rfc8446#section-1.3" target="_blank">https://tools.ietf.org/html/rfc8446#section-1.3</a> does
say that TLS 1.2 clients are affected but in an
optional manner.Just today I've encountered another
Java 11 interop issue with TLS but this time with a
physical device which can have a long shelf life yet
running a simple client socket handshake abruptly
terminates the connection upon client hello (no
server_hello at all), and downgrading the JRE below 11
works fine. I'm including a trace for that as well:
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.395
AEDT|SSLCipher.java:437|jdk.tls.keyLimits: entry =
AES/GCM/NoPadding KeyUpdate 2^37.
AES/GCM/NOPADDING:KEYUPDATE = 137438953472<br>
<br>
javax.net.ssl|WARNING|01|main|2019-01-08 13:40:14.433
AEDT|ServerNameExtension.java:255|Unable to indicate
server name<br>
<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.433
AEDT|SSLExtensions.java:235|Ignore, context
unavailable extension: server_name<br>
<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.433
AEDT|SSLExtensions.java:235|Ignore, context
unavailable extension: status_request<br>
<br>
javax.net.ssl|WARNING|01|main|2019-01-08 13:40:14.443
AEDT|SignatureScheme.java:282|Signature algorithm,
ed25519, is not supported by the underlying providers<br>
<br>
javax.net.ssl|WARNING|01|main|2019-01-08 13:40:14.444
AEDT|SignatureScheme.java:282|Signature algorithm,
ed448, is not supported by the underlying providers<br>
<br>
javax.net.ssl|INFO|01|main|2019-01-08 13:40:14.449
AEDT|AlpnExtension.java:161|No available application
protocols<br>
<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.449
AEDT|SSLExtensions.java:235|Ignore, context
unavailable extension:
application_layer_protocol_negotiation<br>
<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.450
AEDT|SSLExtensions.java:235|Ignore, context
unavailable extension: status_request_v2<br>
<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.453
AEDT|ClientHello.java:651|Produced ClientHello
handshake message (<br>
<br>
"ClientHello": {<br>
<br>
"client version" : "TLSv1.2",<br>
<br>
"random" : "1A BA E8 FC 59 00 AB DF 9A
1A 07 94 24 7F 34 3D 0B D2 7D 10 72 52 54 CD 44 43 62
E8 8B 42 C6 68",<br>
<br>
"session id" : "",<br>
<br>
"cipher suites" :
"[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C),
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029),
TLS_RSA_WITH_AES_128_CBC_SHA(0x002F)]",<br>
<br>
"compression methods" : "00",<br>
<br>
"extensions" : [<br>
<br>
"supported_groups (10)": {<br>
<br>
"versions": [secp256r1, secp384r1, secp521r1,
secp160k1]<br>
<br>
},<br>
<br>
"ec_point_formats (11)": {<br>
<br>
"formats": [uncompressed]<br>
<br>
},<br>
<br>
"signature_algorithms (13)": {<br>
<br>
"signature schemes": [ecdsa_secp256r1_sha256,
ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512,
rsa_pss_rsae_sha256, rsa_pss_rsae_sha384,
rsa_pss_rsae_sha512, rsa_pss_pss_sha256,
rsa_pss_pss_sha384, rsa_pss_pss_sha512,
rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512,
dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224,
ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1, rsa_md5]<br>
<br>
},<br>
<br>
"signature_algorithms_cert (50)": {<br>
<br>
"signature schemes": [ecdsa_secp256r1_sha256,
ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512,
rsa_pss_rsae_sha256, rsa_pss_rsae_sha384,
rsa_pss_rsae_sha512, rsa_pss_pss_sha256,
rsa_pss_pss_sha384, rsa_pss_pss_sha512,
rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512,
dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224,
ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1, rsa_md5]<br>
<br>
},<br>
<br>
"extended_master_secret (23)": {<br>
<br>
<empty><br>
<br>
},<br>
<br>
"supported_versions (43)": {<br>
<br>
"versions": [TLSv1.2, TLSv1.1]<br>
<br>
},<br>
<br>
"renegotiation_info (65,281)": {<br>
<br>
"renegotiated connection": [<no renegotiated
connection>]<br>
<br>
}<br>
<br>
]<br>
<br>
}<br>
<br>
)<br>
<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.455
AEDT|Alert.java:232|Received alert message (<br>
<br>
"Alert": {<br>
<br>
"level" : "fatal",<br>
<br>
"description": "handshake_failure"<br>
<br>
}<br>
<br>
)<br>
<br>
javax.net.ssl|ERROR|01|main|2019-01-08 13:40:14.456
AEDT|TransportContext.java:313|Fatal
(HANDSHAKE_FAILURE): Received fatal alert:
handshake_failure (<br>
<br>
"throwable" : {<br>
<br>
javax.net.ssl.SSLHandshakeException: Received fatal
alert: handshake_failure<br>
<br>
at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)<br>
<br>
at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)<br>
<br>
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)<br>
<br>
at
java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)<br>
<br>
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)<br>
<br>
at
java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)<br>
<br>
at
java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)<br>
<br>
at
java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)<br>
<br>
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)<br>
<br>
at SslSocketClient.main(SslSocketClient.kt:47)}<br>
<br>
<br>
)<br>
<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.457
AEDT|SSLSocketImpl.java:1361|close the underlying
socket<br>
<br>
javax.net.ssl|DEBUG|01|main|2019-01-08 13:40:14.457
AEDT|SSLSocketImpl.java:1380|close the SSL connection
(initiative)<br>
<br>
Exception in thread "main"
javax.net.ssl.SSLHandshakeException: Received fatal
alert: handshake_failure<br>
<br>
at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)<br>
<br>
at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)<br>
<br>
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)<br>
<br>
at
java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)<br>
<br>
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)<br>
<br>
at
java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)<br>
<br>
at
java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)<br>
<br>
at
java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)<br>
<br>
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)<br>
<br>
at SslSocketClient.main(SslSocketClient.kt:47)</div>
<div><br>
</div>
<div><br>
<br>
<br>
I've sent my reply earlier but neither got it posted
nor denied notification so trying again.</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote></div>