<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hmmm, looks a lot like this issue:
<a class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8241360">https://bugs.openjdk.java.net/browse/JDK-8241360</a>. What happens if
you run it with
-Djdk.tls.client.enableStatusRequestExtension=true? That should
get you past it. This is mentioned in the release notes for
8u261:</p>
<p><a class="moz-txt-link-freetext" href="https://www.oracle.com/java/technologies/javase/8u261-relnotes.html">https://www.oracle.com/java/technologies/javase/8u261-relnotes.html</a></p>
<p>--Jamil<br>
</p>
<div class="moz-cite-prefix">On 8/10/2020 5:49 PM, Bernd wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CABOR3+xAT+h+4+ChhLG+KQ6d4Foe8LxifO2a6TrE58Hn09s4PQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Hallo,
<div><br>
</div>
<div>is the upcoming Java8u TLS backport supposed to work
with "-<span
style="color:rgb(43,46,47);font-family:"Lucida
Sans Unicode","Lucida
Grande",Tahoma,Verdana,sans-serif;font-size:14px">Djdk.tls.client.protocols=TLSv1.3"
when connecting to <a href="https://www.google.com"
moz-do-not-send="true">https://www.google.com</a>?</span></div>
<div><span
style="color:rgb(43,46,47);font-family:"Lucida
Sans Unicode","Lucida
Grande",Tahoma,Verdana,sans-serif;font-size:14px"><br>
</span></div>
<div><span
style="color:rgb(43,46,47);font-family:"Lucida
Sans Unicode","Lucida
Grande",Tahoma,Verdana,sans-serif;font-size:14px">I
get an alert when I try to HttpsURLConnection.open to
it. This happens with the Zulu port of this feature as
well as the 8u261GA from Oracle. When specifying
TLSv1.3,TLSv1.2 it connects but uses a v2 cipher.</span></div>
<div><span
style="color:rgb(43,46,47);font-family:"Lucida
Sans Unicode","Lucida
Grande",Tahoma,Verdana,sans-serif;font-size:14px"><br>
</span></div>
<div><span
style="color:rgb(43,46,47);font-family:"Lucida
Sans Unicode","Lucida
Grande",Tahoma,Verdana,sans-serif;font-size:14px">The
OpenJSSE (-XX:+UseOpenJSSE) backport of Zulu seems not
affected, it does handshake correctly with Google (so
only difference i can see is an additional OCSP
request and chacha cipher which is not picked).</span></div>
<div><span
style="color:rgb(43,46,47);font-family:"Lucida
Sans Unicode","Lucida
Grande",Tahoma,Verdana,sans-serif;font-size:14px"><br>
</span></div>
<div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px">javax.net.ssl|FINE|01|main|2020-08-11
01:45:23.268 CEST|Logger.java:765|Produced
ClientHello handshake message (</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px">"ClientHello": {</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "client version" :
"TLSv1.2",</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "random" :
"51 1A 14 21 CF BA 47 06 AB 26 67 4C 97 D9 12 77
BA 61 93 E3 DE 61 5C AC 30 10 9A 82 42 3D FC F1",</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "session id" :
"C7 34 0D C4 D4 14 43 12 32 80 CF 23 52 A5 44 7A
34 4D BF F6 F0 62 4D 1F AA 3D 73 85 EB 49 29 B8",</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "cipher suites" :
"[TLS_AES_128_GCM_SHA256(0x1301),
TLS_AES_256_GCM_SHA384(0x1302)]",</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "compression methods" :
"00",</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "extensions" : [</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "server_name (0)": {</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> type=host_name (0),
value=<a href="http://www.google.com"
moz-do-not-send="true">www.google.com</a></span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> },</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "supported_groups
(10)": {</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "versions":
[secp256r1, secp384r1, secp521r1, ffdhe2048,
ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> },</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "signature_algorithms
(13)": {</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "signature schemes":
[ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,
ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256,
rsa_pss_rsae_sha384, rsa_pss_rsae_sha512,
rsa_pss_pss_sha256, rsa_pss_pss_sha384,
rsa_pss_pss_sha512, rsa_pkcs1_sha256,
rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1,
rsa_pkcs1_sha1]</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> },</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px">
"signature_algorithms_cert (50)": {</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "signature schemes":
[ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,
ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256,
rsa_pss_rsae_sha384, rsa_pss_rsae_sha512,
rsa_pss_pss_sha256, rsa_pss_pss_sha384,
rsa_pss_pss_sha512, rsa_pkcs1_sha256,
rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1,
rsa_pkcs1_sha1]</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> },</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "supported_versions
(43)": {</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "versions": [TLSv1.3]</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> },</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "psk_key_exchange_modes
(45)": {</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "ke_modes":
[psk_dhe_ke]</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> },</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "key_share (51)": {</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "client_shares": [ </span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> {</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "named group":
secp256r1</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> "key_exchange": {</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> 0000: 04 A4 C2
58 EF 8B 62 3D 47 C4 21 FE 7D 4A 85 2B
...X..b=G.!..J.+</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> 0010: AE 99 7D
3C 30 08 F4 00 F3 B0 A9 17 DE 0E B1 16
...<0...........</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> 0020: 0D 45 46
87 42 B0 83 68 FB 15 E9 79 D2 40 8C DA
.EF.B..h...y.@..</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> 0030: 38 FF 76
52 1D 40 10 A0 BE 39 75 8B 79 F0 CD A1
<a class="moz-txt-link-abbreviated" href="mailto:8.vR.@...9u.y">8.vR.@...9u.y</a>...</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> 0040: E1 </span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> }</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> },</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> ]</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> }</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"> ]</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px">}</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px">)</span></font></div>
</div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px">...</span></font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f">
<div><span style="font-size:14px">javax.net.ssl|FINE|01|main|2020-08-11
01:45:23.288 CEST|Logger.java:765|Received alert
message (</span></div>
<div><span style="font-size:14px">"Alert": {</span></div>
<div><span style="font-size:14px"> "level" :
"fatal",</span></div>
<div><span style="font-size:14px"> "description":
"protocol_version"</span></div>
<div><span style="font-size:14px">}</span></div>
<div><span style="font-size:14px">)</span></div>
<div style="font-size:14px"><br>
</div>
</font></div>
<div><font face="Lucida Sans Unicode, Lucida Grande,
Tahoma, Verdana, sans-serif" color="#2b2e2f"><span
style="font-size:14px"><br>
</span></font></div>
<div><span
style="color:rgb(43,46,47);font-family:"Lucida
Sans Unicode","Lucida
Grande",Tahoma,Verdana,sans-serif;font-size:14px"><br>
</span></div>
<div><span
style="color:rgb(43,46,47);font-family:"Lucida
Sans Unicode","Lucida
Grande",Tahoma,Verdana,sans-serif;font-size:14px">Gruss</span></div>
<div><span
style="color:rgb(43,46,47);font-family:"Lucida
Sans Unicode","Lucida
Grande",Tahoma,Verdana,sans-serif;font-size:14px">Bernd</span></div>
</div>
</div>
</div>
</div>
</blockquote>
</body>
</html>