Bug 1659143 - OpenJDK 11 implements session resumption incorrectly for TLS 1.3
Summary: OpenJDK 11 implements session resumption incorrectly for TLS 1.3
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: java-11-openjdk
Version: 8.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: 8.0
Assignee: Martin Balao
QA Contact: OpenJDK QA
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-13 16:51 UTC by Hubert Kario
Modified: 2019-06-14 01:07 UTC (History)
6 users (show)

Fixed In Version: java-11-openjdk-11.0.2.7-0.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-14 01:07:11 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
openjdk bug system JDK-8211806 0 None None None 2018-12-13 16:51:51 UTC

Description Hubert Kario 2018-12-13 16:51:52 UTC
Description of problem:
OpenJDK 11 does not send SNI in case of session resumption, thus breaking connections with TLS 1.3 compliant servers

Additional info:
https://mailarchive.ietf.org/arch/msg/tls/pixg5cBXHuwd3MtMIn_xIhWmGGQ
https://bugs.openjdk.java.net/browse/JDK-8211806

I haven't tested RHEL-8 packages for this, but it is a severe interoperability issue, so even if it is already fixed, we need a dedicated test case for it.

Comment 1 Andrew John Hughes 2018-12-14 04:53:34 UTC
Assigning to Martin.
Looks like this is due to be fixed in the 11.0.2 release in January.


Note You need to log in before you can comment on or make changes to this bug.