JDK-8244655 : Release Note: BoringSSL Rejects JSSE TLS 1.3 HTTPS Connections When status_request Extension Is Disabled
- Type: Sub-task
- Component: security-libs
- Sub-Component: javax.net.ssl
- Affected Version: 8u261,11
- Priority: P4
- Status: Closed
- Resolution: Delivered
- Submitted: 2020-05-08
- Updated: 2021-12-02
- Resolved: 2020-08-05
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 |
|---|
11Resolved  |
Description
BoringSSL is an SSL library deployed on some popular websites such as those run by Google/YouTube. An interoperability issue with the BoringSSL library can lead to a connection failure if TLSv1.3 is presented as the only enabled protocol in the ClientHello message and the certificate status_request extension is disabled. Enabling the certificate status_request extension by setting the `jdk.tls.client.enableStatusRequestExtension` system property to `true` will provide mitigation in such scenarios.