JDK-6976121 : TLS client should not use the negotiated protocol version for session resumption
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 6u21,7
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: generic,solaris_10
  • CPU: generic,sparc
  • Submitted: 2010-08-11
  • Updated: 2019-02-11
  • Resolved: 2013-12-21
Related Reports
Duplicate :  
JDK-6996382 - TLS 1.2 implementation cleanup
Relates :  
JDK-6916074 - Add support for TLS 1.2
Relates :  
JDK-4873188 - Support TLS 1.1
Description
TLS specification (RFC 5246) requires that no matter initial handshake or session resumption, ClientHello.client_version SHOULD be the latest version supported by the client:

   client_version
      The version of the TLS protocol by which the client wishes to
      communicate during this session.  This SHOULD be the latest
      (highest valued) version supported by the client.  For this
      version of the specification, the version will be 3.3 (see
      Appendix E for details about backward compatibility).

However, for abbreviated handshake(session resumption), SunJSSE use the negotiated protocol version. Need to evaluate the interoperability and necessities about whether we should switch to use the latest version supported in abbreviated handshakes.

See: http://www.ietf.org/mail-archive/web/tls/current/msg06842.html
Comments
Per TLS specification (TLS 1.0/1.1/1.2): Whenever a client already knows the highest protocol known to a server (for example, when resuming a session), it should initiate the connection in that native protocol. There was also a thread talking about this issue in IETF TLS mail list, http://www.ietf.org/mail-archive/web/tls/current/msg06840.html. Our implementation is compliant to this specification. Not a bug. Re-open JDK-6998053 for SSLv2Hello issue.
25-12-2013
EVALUATION I think we should also respect the v2Hello on a resumption (that is, on a new connection, not a renegotiation). Right now, on a resumption, the SSLv2Hello is not respected, and I think it should be. Please see 6998053 for more information about this situation and how it affected one customer, and to make sure everything in that bug is addressed.
09-02-2011
EVALUATION Both IE and Opera use the negotiated protocol version for session resumption. We may face interoperability problem if we switch to use the latest version supported in abbreviated handshakes. This policy is 10+ year old, it is not worthy to make the update as all mainstream vendor use the same policy.
22-12-2010