JDK-8214688 : TLS 1.3 session resumption with hello retry request failed with "illegal_parameter"
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 12
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2018-12-03
  • Updated: 2020-12-03
  • Resolved: 2018-12-11
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 12 JDK 8 Other
11.0.3-oracleFixed 12 b24Fixed 8u261Fixed openjdk8u272Fixed
Related Reports
Relates :  
JDK-8213202 - Possible race condition in TLS 1.3 session resumption
Description
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: illegal_parameter
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
	at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
	at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:716)
	at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:969)
	at java.base/java.io.OutputStream.write(OutputStream.java:122)
	at JSSEClient.writeOut(JSSEClient.java:145)
	at JSSEClient.connect(JSSEClient.java:118)
	at JSSEClient.main(JSSEClient.java:110)
Comments
Oops, I made a mistake and updated the RE from Adam Petcher to none, as I thought it is an open bug. This bug had been fixed, the RE should not be updated any longer. I'm sorry.
03-12-2020
Fix Request: clean backport Follow-on backport needed as pointed out by Andrew Leonard https://cr.openjdk.java.net/~martin/webrevs/jdk11/JDK-8214688-backport/
29-01-2019
I can confirm that this bug was introduced by the fix to JDK-8213202.
03-12-2018
Reproduce this issue with JDK 12+21 and OpenSSL 1.1.1 1. Start OpenSSL server with attached test.cer and test.key $ echo "Message" > index $ openssl s_server -cert test.cer -key test.key -tls1_3 -groups P-384 -WWW -accept 9443 2. Run attached test JSSEClient.java $ java JSSEClient Server outputs: ---------------------------------------- Using default temp DH parameters ACCEPT FILE:index 140736209757056:error:141FA0FD:SSL routines:tls_psk_do_binder:binder does not verify:ssl/statem/extensions.c:1604: ---------------------------------------- Client outputs: ---------------------------------------- Client send request Client received response: [HTTP/1.0 200 ok Content-type: text/plain Message ] ===== Session ID Start ===== [0, -116, -6, 101, -47, -54, 72, 55, 22, 62, 127, 2, 69, -50, 116, 52, 99, 110, 34, -123, -35, 100, -79, 51, 75, -118, 100, 34, -70, 1, -71, 7] [77, 106, 49, -111, 74, -38, -61, -82, 120, -28, -51, 104, -111, -77, -48, -54, 109, 55, 30, 81, 110, -7, 104, -70, -86, 117, 47, 8, -78, 72, 45, -70] [-54, -55, 23, 117, 20, -114, 106, -49, 87, -24, -13, 50, 60, 107, 57, -46, -82, 112, 68, -17, 4, -115, -48, -118, 60, 30, -111, 98, 51, -113, 83, -52] ===== Session ID End ===== Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: illegal_parameter at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128) at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308) at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402) at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:716) at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:969) at java.base/java.io.OutputStream.write(OutputStream.java:122) at JSSEClient.writeOut(JSSEClient.java:145) at JSSEClient.connect(JSSEClient.java:118) at JSSEClient.main(JSSEClient.java:110) ----------------------------------------
03-12-2018
The handshaking on (session resumption + HRR) is fine with JSSE server and OpenSSL client.
03-12-2018
Maybe related to JDK-8213202.
03-12-2018