JDK-8223482 : Unsupported ciphersuites may be offered by a TLS client
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 11,12,13
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2019-05-07
  • Updated: 2020-11-24
  • Resolved: 2019-05-29
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 14 JDK 8 Other
11.0.5Fixed 13 b23Fixed 14Fixed 8u261Fixed openjdk8u272Fixed
Related Reports
Relates :  
JDK-8222937 - Cannot establish TLS connections in FIPS mode
Relates :  
JDK-8225739 - sun/security/pkcs11/tls/tls12/FipsModeTLS12.java is not reliable
Relates :  
JDK-8224954 - Test failures with NoSuchAlgorithmException: Unsupported mode GCM after JDK-8223482
Description
A TLS client may offer ciphersuites that it does not support to a TLS server. This happens when SunJCE security provider is disabled. Once possible reason for disabling SunJCE is enabling FIPS mode.

There is an explicit assumption that SunJCE will always be available, when deciding if a ciphersuite is enabled: http://hg.openjdk.java.net/jdk/jdk/file/4f2fd02922b1/src/java.base/share/classes/sun/security/ssl/SSLCipher.java#l492

In the context of fixing this bug, we should review that assumption and check whether or not the ciphersuite should be offered in run time.

To reproduce this bug, we can apply the attached patch to FipsModeTLS12 test. The TLS client will offer TLS_RSA_WITH_AES_128_GCM_SHA256 ciphersuite while AES/GCM/NoPadding transformation is not available in SunPKCS11 provider. Verified in JDK revision df2b3565f343.
Comments
Fix Request I'm requesting a jdk11u backport approval because this release is affected by this bug. In particular, this bug is causing TLS handshake problems when operating in FIPS mode (with SunJCE security provider disabled). Patch applies almost cleanly except for a few lines that do not apply to the test case (TestTLS12.java). However, there is a JDK-11 specific change that we need to make. As a result, I'll go through a review process.
18-07-2019
@David: my understanding is that these failures in the test (JDK-8224954) do not reproduce in OpenJDK, but are Oracle internal. This is probably related to using a TLS connection to retrieve files, which initializes SunJSSE ahead of time.
18-07-2019
This is causing test failures on Windows. See JDK-8224954
29-05-2019