CSR / Relates:
JDK-8257548
JDK-8265351
JDK-8267255
As pointed out here: https://mail.openjdk.java.net/pipermail/security-dev/2020-October/022750.html

SunJSSE does not handle String conversion to byte[] well, and thus can't represent some of the GREASE values (RFC 8701: https://tools.ietf.org/rfcmarkup?doc=8701).

For our implementation currently:

1. Client can't send valid GREASE values. We'll send a UTF-8 representation which won't be recognized by peers as GREASE.
2. Server shouldn't crash, but will not report to our API consumers that GREASE values were received.

[Update 11/24/2020, after further experimentation/bug fixing]

JSSE Client will send >0x7F bytes encoded as 2-4 UTF-8 bytes, which will only be recognized by JSSE peers. Other implementations may not know how to decode them.

For JSSE Server, there are two cases:

1. It can receive >0x7F as 2-4 UTF-8 bytes (correct value returned in String to app), or
2. as incorrectly formatted UTF-8. In that case, the default "?" value is returned to the app.

For the first case, *IF* the server selects an ALPN value that contains a character with a >0x7F value, the app will crash when trying to create the ALPN extension reply.

Evaluate possible approaches.
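The String/byte[] mismatch described above can be reproduced with the JDK charset APIs alone. The following is an added example, not SunJSSE code and not part of the original report; the class and method names are hypothetical, and ISO-8859-1 appears only as a one-char-per-byte mapping for comparison, not as the approach chosen for this issue.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added illustration; class and method names are hypothetical, not SunJSSE code.
public class AlpnGreaseEncoding {

    // RFC 8701 reserves the two-byte ALPN identifiers 0A0A, 1A1A, ... FAFA.
    static byte[] greaseAlpn(int i) {
        byte b = (byte) ((i << 4) | 0x0A);
        return new byte[] { b, b };
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        System.out.println("wire  String->UTF-8  String->ISO-8859-1  UTF-8 decode of wire bytes");
        for (int i = 0; i < 16; i++) {
            byte[] wire = greaseAlpn(i);

            // Hold the identifier in a String, one char per byte (U+0000..U+00FF).
            String name = new String(wire, StandardCharsets.ISO_8859_1);

            // Sending side: UTF-8 expands every char above U+007F to two bytes,
            // so the bytes on the wire are no longer the GREASE identifier.
            byte[] utf8 = name.getBytes(StandardCharsets.UTF_8);

            // For comparison: ISO-8859-1 maps the same chars back to bytes 1:1.
            byte[] latin1 = name.getBytes(StandardCharsets.ISO_8859_1);

            // Receiving side: decoding the raw identifier as UTF-8. Bytes above
            // 0x7F are malformed here and get replaced, so the value is lost.
            String decoded = new String(wire, StandardCharsets.UTF_8);
            boolean intact = Arrays.equals(decoded.getBytes(StandardCharsets.UTF_8), wire);

            System.out.printf("%s  %-13s  %-18s  %s%n",
                    hex(wire), hex(utf8), hex(latin1),
                    intact ? "intact" : "original bytes lost");
        }
    }
}
```

Only the eight identifiers from 8A8A through FAFA are affected; the values 0A0A through 7A7A are plain ASCII and pass through either charset unchanged.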