Bug 1659143

Summary: OpenJDK 11 implements session resumption incorrectly for TLS 1.3
Product: Red Hat Enterprise Linux 8
Reporter: Hubert Kario <hkario>
Component: java-11-openjdk
Assignee: Martin Balao <mbalao>
Status: CLOSED CURRENTRELEASE
QA Contact: OpenJDK QA <java-qa>
Severity: high
Priority: high
Version: 8.0
CC: ahughes, dbhole, jeharris, jvanek, jwboyer, zzambers
Target Milestone: rc
Target Release: 8.0
Hardware: Unspecified
OS: Unspecified
Fixed In Version: java-11-openjdk-11.0.2.7-0.el8
Last Closed: 2019-06-14 01:07:11 UTC
Type: Bug

Description Hubert Kario 2018-12-13 16:51:52 UTC
Description of problem:
OpenJDK 11 does not send SNI in case of session resumption, thus breaking connections with TLS 1.3-compliant servers.

Additional info:
https://mailarchive.ietf.org/arch/msg/tls/pixg5cBXHuwd3MtMIn_xIhWmGGQ
https://bugs.openjdk.java.net/browse/JDK-8211806

I haven't tested RHEL-8 packages for this, but it is a severe interoperability issue, so even if it is already fixed, we need a dedicated test case for it.
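
A possible starting point for the dedicated test case requested above (an added example, not code from this bug report or from the OpenJDK project): it parses a captured ClientHello handshake message and flags a resumption offer (`pre_shared_key` extension) that carries no `server_name` extension. The function names and the sample messages are constructed for illustration; the PSK extension body is an opaque placeholder, not a real ticket.

```python
import struct

SERVER_NAME, PRE_SHARED_KEY = 0, 41  # IANA TLS ExtensionType values

def client_hello_extensions(msg: bytes) -> set:
    """Return the extension types present in one ClientHello handshake message."""
    body = msg[4:]
    if len(msg) < 4 or msg[0] != 1 or len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("not a complete ClientHello handshake message")
    try:
        pos = 2 + 32                                         # legacy_version, random
        pos += 1 + body[pos]                                 # legacy_session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                                 # compression methods
        if pos == len(body):
            return set()                                     # no extensions block
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        types = set()
        while pos < end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            types.add(ext_type)
            pos += 4 + ext_len
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    if pos != end or end != len(body):
        raise ValueError("malformed extensions block")
    return types

def resumption_without_sni(msg: bytes) -> bool:
    """True when a PSK (resumption) offer is made without a server_name extension."""
    exts = client_hello_extensions(msg)
    return PRE_SHARED_KEY in exts and SERVER_NAME not in exts

def build_client_hello(extensions) -> bytes:
    """Build a constructed sample ClientHello from (type, data) pairs."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

# Constructed sample data: example.com SNI, TLS 1.3 supported_versions, and an
# opaque placeholder standing in for a pre_shared_key offer (not a real ticket).
_HOST = b"example.com"
SNI = (0, struct.pack("!HBH", len(_HOST) + 3, 0, len(_HOST)) + _HOST)
VERSIONS = (43, b"\x02\x03\x04")
PSK = (41, bytes(8))
FULL = build_client_hello([SNI, VERSIONS])
RESUME_OK = build_client_hello([SNI, VERSIONS, PSK])
RESUME_BAD = build_client_hello([VERSIONS, PSK])
```

In a real test the input would be the second ClientHello a client sends to the same server, taken from a packet capture or a test server's handshake log, with the record-layer header stripped.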

Comment 1 Andrew John Hughes 2018-12-14 04:53:34 UTC
Assigning to Martin.
Looks like this is due to be fixed in the 11.0.2 release in January.