JDK-8256682 : JDK-8202343 is incomplete
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 16
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2020-11-19
  • Updated: 2021-04-12
  • Resolved: 2020-11-19
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 15 JDK 16 JDK 7 JDK 8 Other
11.0.11Fixed 13.0.8Fixed 15.0.3Fixed 16 b26Fixed 7u301Fixed 8u291Fixed openjdk8u292Fixed
Related Reports
Relates :  
The fix for the following bug is incomplete:

    JDK-8202343 Disable TLS 1.0 and 1.1

The following test is failing in the JDK16 CI:


Here's a snippet from the log file:

javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
	at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:172)
	at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
	at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:238)
	at java.base/sun.security.ssl.SSLEngineImpl.beginHandshake(SSLEngineImpl.java:107)
	at NullHostnameCheck.handshake(NullHostnameCheck.java:124)
	at NullHostnameCheck.main(NullHostnameCheck.java:100)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:564)
	at com.sun.javatest.regtest.agent.MainActionHelper$AgentVMRunnable.run(MainActionHelper.java:298)
	at java.base/java.lang.Thread.run(Thread.java:831)

JavaTest Message: Test threw exception: javax.net.ssl.SSLHandshakeException
JavaTest Message: shutting down test

result: Failed. Execution failed: `main' threw exception: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

Fix request (13u) need to fix here, too. An additional line is necessary comparing with the original.

Fix Request (15u) Follow up fix for JDK-8202343. Patch applies cleanly and it is a test only change

Fix Request (OpenJDK 8u): Follow up fix for JDK-8202343. Original patch doesn't apply cleanly to 8u, because of NullHostnameCheck.java test was not updated as part of JDK-8202343 8u backport. Review at https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-February/013397.html

Fix Request (OpenJDK 11u): Follow up fix for JDK-8202343. Please approve so that I can push the fixes together. Test only change, applies clean and is low risk.

Changeset: b9db002f Author: Sean Mullan <mullan@openjdk.org> Date: 2020-11-19 19:09:22 +0000 URL: https://github.com/openjdk/jdk/commit/b9db002f