JDK-6976121 : TLS client should not use the negotiated protocol version for session resumption
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 6u21,7
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: generic,solaris_10
  • CPU: generic,sparc
  • Submitted: 2010-08-11
  • Updated: 2019-02-11
  • Resolved: 2013-12-21
The TLS specification (RFC 5246) requires that, whether for an initial handshake or a session resumption, ClientHello.client_version SHOULD be the latest version supported by the client:

      The version of the TLS protocol by which the client wishes to
      communicate during this session.  This SHOULD be the latest
      (highest valued) version supported by the client.  For this
      version of the specification, the version will be 3.3 (see
      Appendix E for details about backward compatibility).

However, for the abbreviated handshake (session resumption), SunJSSE uses the negotiated protocol version. We need to evaluate the interoperability and the necessity of switching to the latest supported version in abbreviated handshakes.

See: http://www.ietf.org/mail-archive/web/tls/current/msg06842.html

Per the TLS specification (TLS 1.0/1.1/1.2): Whenever a client already knows the highest protocol known to a server (for example, when resuming a session), it should initiate the connection in that native protocol. There was also a thread discussing this issue on the IETF TLS mailing list, http://www.ietf.org/mail-archive/web/tls/current/msg06840.html. Our implementation is compliant with this specification. Not a bug. Re-open JDK-6998053 for the SSLv2Hello issue.

EVALUATION I think we should also respect the v2Hello on a resumption (that is, on a new connection, not a renegotiation). Right now, on a resumption, the SSLv2Hello is not respected, and I think it should be. Please see 6998053 for more information about this situation and how it affected one customer, and to make sure everything in that bug is addressed.

EVALUATION Both IE and Opera use the negotiated protocol version for session resumption. We may face interoperability problems if we switch to using the latest version supported in abbreviated handshakes. This policy is 10+ years old; it is not worth making the update, as all mainstream vendors use the same policy.
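
To see which policy a client follows, read client_version and session_id from a captured ClientHello: a non-empty session_id marks a resumption attempt, and client_version shows whether the client offered the negotiated version or its highest one. The following is an added example, not code from the JDK or from this report; the function names and sample bytes are constructed for illustration, and it assumes an unfragmented TLS 1.0-1.2 ClientHello in a single record (the SSLv2Hello format is rejected, not parsed).

```python
import struct

VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def build_client_hello(client_version, session_id=b""):
    """Constructed sample input: a minimal ClientHello in one TLS record."""
    body = bytes(client_version) + bytes(32)        # client_version + zeroed random
    body += bytes([len(session_id)]) + session_id   # session_id vector
    body += struct.pack("!H", 2) + b"\x00\x2f"      # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                             # null compression only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(record):
    """Return (client_version, session_id) from a record holding a ClientHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 35:                              # version(2) + random(32) + sid length(1)
        raise ValueError("ClientHello too short")
    sid_len = body[34]
    if sid_len > 32 or len(body) < 35 + sid_len:
        raise ValueError("bad session_id length")
    return (body[0], body[1]), body[35:35 + sid_len]

def describe(record, client_highest):
    """Classify a ClientHello given the highest version the client supports."""
    version, session_id = parse_client_hello(record)
    name = VERSIONS.get(version, "unknown")
    if not session_id:
        return f"full handshake, client_version={name}"
    if version < client_highest:
        return f"resumption, client_version={name} (negotiated-version policy)"
    return f"resumption, client_version={name} (client's highest)"

if __name__ == "__main__":
    sid = bytes(range(32))                          # constructed session ID
    print(describe(build_client_hello((3, 3)), (3, 3)))
    print(describe(build_client_hello((3, 1), sid), (3, 3)))
```
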