<html><body><div dir="ltr"><div>
</div><div><div>
<div>Need to correct myself, there is no alert from the server in the trace, but this exception:</div><div dir="ltr"><br></div><div dir="ltr"><pre style="text-decoration:none;overflow-wrap:break-word;white-space:pre-wrap">javax.net.ssl|ERROR|81|HttpClient-1-Worker-0|2023-09-01 10:33:57.441 CEST|TransportContext.java:370|Fatal (DECODE_ERROR): Invalid TLS_GREASE extension data: not empty (
"throwable" : {
javax.net.ssl.SSLProtocolException: Invalid TLS_GREASE extension data: not empty
at java.base/sun.security.ssl.TLSGreaseExtension$TLSGreaseSpec.<init>(TLSGreaseExtension.java:80)
at </pre></div><div dir="ltr"><br></div><div dir="ltr">Which in fact is what you suspected, the GreaseExtension does not like this extended usage. (It seems there is no hex trace in there, so it’s hard to debug). The extension is your custom code, right?</div><div dir="ltr"><br></div><div dir="ltr">Gruss</div><div dir="ltr">Bernd</div>
<div id="ms-outlook-mobile-signature"><div><br></div><div><br></div><div style="direction:ltr">-- </div><div style="direction:ltr">http://bernd.eckenfels.net</div></div>
</div>
<div> </div><hr style="display:inline-block;width:98%" tabindex="-1"><div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif"><b>Von:</b> security-dev <security-dev-retn@openjdk.org> im Auftrag von Bernd <ecki@zusammenkunft.net><br><b>Gesendet:</b> Freitag, September 1, 2023 4:12 PM<br><b>An:</b> Filip Petr. <filipakanation@gmail.com>; security-dev@openjdk.org <security-dev@openjdk.org><br><b>Betreff:</b> Re: Modification of Client hello TLS packet<div> </div></font></div><div dir="ltr"><div>
</div><div><div>
<div>If it’s an alert from the server it’s not your Java program which „spots the unusual extension“. It’s more like your custom extensions sent are not correct to the servers interpretation. Did you maybe hardcode signatures or such?</div><div dir="ltr"><br></div><div dir="ltr">Gruss</div><div dir="ltr">Bernd</div><div id="ms-outlook-mobile-signature"><div style="direction:ltr">-- </div><div style="direction:ltr">http://bernd.eckenfels.net</div></div>
</div>
<div> </div><hr tabindex="-1" style="display:inline-block; width:98%"><div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif"><b>Von:</b> Filip Petr. <filipakanation@gmail.com><br><b>Gesendet:</b> Freitag, September 1, 2023 10:42 AM<br><b>An:</b> security-dev@openjdk.org <security-dev@openjdk.org>; ecki@zusammenkunft.net <ecki@zusammenkunft.net><br><b>Betreff:</b> Re: Modification of Client hello TLS packet<div> </div></font></div><div dir="ltr">The alerts I'm getting are coming from some random web server i'm hitting and i dont know its architecture. In this error traces I'm submitting it's <a href="http://www.google.com">www.google.com</a> but it happens for every other domain I'm trying to hit. It seems that my java app and my client side program is glitching as it's spotting some unusual extensions that I additionally added. I want it to adapt so it doesn't throw errors on them but rather just send them in client hello and act as if nothing has happened unusual.<br><br>The ALPN extensions are matched according to Google Chrome's same ones that it's sending in ClientHello.<br><br>The traces errors are in following link: <a href="https://pastebin.com/raw/6qmeg85H">https://pastebin.com/raw/6qmeg85H</a><br><br><br>I appreciate all the help!<br></div>
</div></div>
</div></div></body></html>