Bug ID: JDK-8245466 Backport TLSv1.3 protocol implementation

JDK-8245466 : Backport TLSv1.3 protocol implementation

Type: Enhancement
Component: security-libs
Sub-Component: javax.net.ssl
Affected Version: openjdk8u262

Priority: P3
Status: Resolved
Resolution: Fixed

Submitted: 2020-05-20
Updated: 2020-11-19
Resolved: 2020-08-31

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

Other
openjdk8u272 b06Fixed

Related Reports

CSR :	JDK-8248721 - Backport TLSv1.3 protocol implementation
Relates :	JDK-8257030 - SSL Sockets staying open at the OS level after having been closed
Relates :	JDK-8256662 - TLS 1.3 Implementation

Sub Tasks

JDK-8245467 :	Remove 8u TLSv1.2 implementation files - Resolved
JDK-8245468 :	Add TLSv1.3 implementation classes from 11.0.7 - Resolved
JDK-8245469 :	Remove DTLS protocol implementation - Resolved
JDK-8245470 :	Fix JDK8 compatibility issues - Resolved
JDK-8245471 :	Revert JDK-8148188 - Resolved
JDK-8245472 :	Backport JDK-8038893 to JDK8 - Resolved
JDK-8245473 :	OCSP stapling support - Resolved
JDK-8245474 :	Add TLS_KRB5 cipher suites support according to RFC-2712 - Resolved
JDK-8245476 :	Disable TLSv1.3 protocol in the ClientHello message by default - Resolved
JDK-8245477 :	Adjust TLS tests location - Resolved
JDK-8245653 :	Remove 8u TLS tests - Resolved
JDK-8245681 :	Add TLSv1.3 regression test from 11.0.7 - Resolved
JDK-8247276 :	Backport JDK-8161973 - Resolved
JDK-8251340 :	Mismatch in jsse.enableMFLNExtension property name - New
JDK-8251341 :	Minimal Java specification change - Resolved
JDK-8251478 :	Backport TLSv1.3 regression tests to JDK8u - Resolved

Description

This backport should include the following features:
- TLSv1.3 protocol implementation on the base of JDK11.0.7
- No DTLS protocol support
- OCSP Stapling (JEP-249) should be supported but disabled by default
- TLS_KRB5 cipher suites (RFC 2712) should be supported
- Implementation should not propose TLSv1.3 protocol in the ClientHello message by default
- Update for TLS related regression tests

Comments

Merged for 8u272 release: https://hg.openjdk.java.net/jdk8u/jdk8u-dev/jdk/rev/4546aa3faf37

31-08-2020

Approved. Will merge once everything else is ready for 8u272 rampdown.

28-08-2020

Fix request (8u) I'd like to request an approval to have this enhancement in 8u. Having a SunJSSE engine that supports TLS v1.3 is critical for the compatibility and security of the 8u release. All the sub-tasks of this meta-ticket have been review-approved (see links to review-approval as comments on each of them). No test regressions observed in any of the SSL-related tests (see review comments for JDK-8251478). CSR has been approved. Code is currently pushed to the jdk8u-jsse-incubator repository [1] and will be merged into 8u main line (targeting 8u272 release) if this request is approved. -- [1] - http://hg.openjdk.java.net/jdk8u/jdk8u-jsse-incubator/

28-08-2020