JDK-8256682 : JDK-8202343 is incomplete
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 16
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2020-11-19
  • Updated: 2021-04-12
  • Resolved: 2020-11-19
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 15 JDK 16 JDK 7 JDK 8 Other
11.0.11Fixed 13.0.8Fixed 15.0.3Fixed 16 b26Fixed 7u301Fixed 8u291Fixed openjdk8u292Fixed
Related Reports
Relates :  
Description
The fix for the following bug is incomplete:

    JDK-8202343 Disable TLS 1.0 and 1.1

The following test is failing in the JDK16 CI:

sun/security/util/HostnameMatcher/NullHostnameCheck.java

Here's a snippet from the log file:

----------System.err:(17/1200)----------
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
	at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:172)
	at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
	at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:238)
	at java.base/sun.security.ssl.SSLEngineImpl.beginHandshake(SSLEngineImpl.java:107)
	at NullHostnameCheck.handshake(NullHostnameCheck.java:124)
	at NullHostnameCheck.main(NullHostnameCheck.java:100)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:564)
	at com.sun.javatest.regtest.agent.MainActionHelper$AgentVMRunnable.run(MainActionHelper.java:298)
	at java.base/java.lang.Thread.run(Thread.java:831)

JavaTest Message: Test threw exception: javax.net.ssl.SSLHandshakeException
JavaTest Message: shutting down test

result: Failed. Execution failed: `main' threw exception: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

Comments
Fix request (13u) need to fix here, too. An additional line is necessary comparing with the original.
02-04-2021

Fix Request (15u) Follow up fix for JDK-8202343. Patch applies cleanly and it is a test only change
11-03-2021

Fix Request (OpenJDK 8u): Follow up fix for JDK-8202343. Original patch doesn't apply cleanly to 8u, because of NullHostnameCheck.java test was not updated as part of JDK-8202343 8u backport. Review at https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-February/013397.html
10-02-2021

Fix Request (OpenJDK 11u): Follow up fix for JDK-8202343. Please approve so that I can push the fixes together. Test only change, applies clean and is low risk.
14-01-2021

Changeset: b9db002f Author: Sean Mullan <mullan@openjdk.org> Date: 2020-11-19 19:09:22 +0000 URL: https://github.com/openjdk/jdk/commit/b9db002f
19-11-2020