JDK-8270822 : SSL Handshake fails for some sites (google.com) when TLSv1.3 is enabled
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 8
  • Priority: P4
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2021-07-16
  • Updated: 2024-12-12
JDK 14: 14 (Fixed)
Description
ADDITIONAL SYSTEM INFORMATION :
Windows/openjdk version "1.8.0_292"

A DESCRIPTION OF THE PROBLEM :
For some sites (e.g. https://www.google.com - BoringSSL), SSL Handshake fails for TLSv1.3 only when ciphersuites are set manually via jdk.tls.client.cipherSuites. With the same set of ciphersuites, the SSL handshake is working for other sites (e.g. https://www.oracle.com)

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Set jdk.tls.client.protocols to "TLSv1.3, TLSv1.2"
2. Set jdk.tls.client.cipherSuites with some ciphersuites
3. Open a HTTPS URL Connection to https://www.google.com

Note: When jdk.tls.client.protocols=TLSv1.3 and jdk.tls.client.enableStatusRequestExtension=true, the SSL handshake is working fine for the same set of ciphersuites. It is only when jdk.tls.client.protocols=TLSv1.3,TLSv1.2 that it is not working.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Successful SSL handshake
ACTUAL -
javax.net.ssl|FINE|01|main|2021-07-16 10:07:12.569 IST|SSLCipher.java:438|jdk.tls.keyLimits:  entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.475 IST|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=www.google.com) was replaced with (type=host_name (0), value=www.google.com)
javax.net.ssl|WARNING|01|main|2021-07-16 10:07:13.621 IST|SignatureScheme.java:297|Signature algorithm, ed25519, is not supported by the underlying providers
javax.net.ssl|WARNING|01|main|2021-07-16 10:07:13.621 IST|SignatureScheme.java:297|Signature algorithm, ed448, is not supported by the underlying providers
javax.net.ssl|INFO|01|main|2021-07-16 10:07:13.627 IST|AlpnExtension.java:161|No available application protocols
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.630 IST|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.631 IST|SSLExtensions.java:260|Ignore, context unavailable extension: cookie
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.645 IST|PreSharedKeyExtension.java:634|No session to resume.
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.645 IST|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.649 IST|ClientHello.java:575|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "60 A4 2C 72 81 40 C2 CA 20 B0 E3 6E 1B 79 EF 58 F6 DD C9 50 B1 B9 16 27 CE E1 68 E1 02 7B B6 70",
  "session id"          : "DE 1D B1 59 08 FA BA 71 40 AC BF FA 84 82 0B 36 AB 61 65 E9 0C 37 E4 EC 79 D6 07 6C E4 9B E6 C5",
  "cipher suites"       : "[TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D)]",
  "compression methods" : "00",
  "extensions"          : [
    "server_name (0)": {
      type=host_name (0), value=www.google.com
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "status_request_v2 (17)": {
      "cert status request": {
        "certificate status type": ocsp_multi
        "OCSP status request": {
          "responder_id": <empty>
          "request extensions": {
            <empty>
          }
        }
      }
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [
        {
          "named group": secp256r1
          "key_exchange": {
            0000: 04 CE 12 71 2B CE 1F 20   25 9C 4E 23 79 D2 70 1A  ...q+.. %.N#y.p.
            0010: 3E C3 3D 2D 24 DB 80 35   DD 9D 16 8A D8 17 2D 0E  >.=-$..5......-.
            0020: 80 19 A2 57 E2 15 E2 FD   97 9C A6 25 8A D8 24 5B  ...W.......%..$[
            0030: 0E 2B 8F D6 1B 77 FD 11   0B E1 80 4C 67 AF A6 B0  .+...w.....Lg...
            0040: FB
          }
        },
      ]
    },
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    }
  ]
}
)
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.776 IST|Alert.java:238|Received alert message (
"Alert": {
  "level"      : "fatal",
  "description": "handshake_failure"
}

---------- BEGIN SOURCE ----------
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;

public class TestHTTPS {

	public static void main(String[] args) {
		try {
			String urlStr = "https://www.google.com";
			//String urlStr = "https://www.youtube.com";
			
			System.setProperty("jdk.tls.client.protocols","TLSv1.3, TLSv1.2"); 
			
			//System.setProperty("jdk.tls.client.enableStatusRequestExtension","true");
			System.setProperty("jdk.tls.client.cipherSuites","TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384"); 
			
			System.setProperty("javax.net.debug", "ssl:handshake");
			
			URL url = new URL(urlStr);
			URLConnection conn = url.openConnection();
			InputStream inp = conn.getInputStream();
			System.out.println("Connected:");
			inp.close();
		}
		catch(Exception e) {
			e.printStackTrace();
		}

	}
}

---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Upgrade to OpenJDK11. But I want to know if the issue can be fixed in the OpenJDK8

FREQUENCY : always
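
A triage helper for `javax.net.debug` output in the format shown in this report, added here as an example (not code from the report or the JDK): it extracts the versions and cipher suites the ClientHello offered and the alerts received, and flags the case where TLSv1.3 is offered with no TLS 1.3 suite in a hand-set `jdk.tls.client.cipherSuites`. The sample log is a constructed, abridged excerpt and the function names are illustrative.

```python
import re
# Constructed, abridged excerpt in the javax.net.debug format from this report.
SAMPLE_LOG = '''\
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.649 IST|ClientHello.java:575|Produced ClientHello handshake message (
"ClientHello": {
  "cipher suites"       : "[TLS_AES_128_GCM_SHA256(0x1301), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F)]",
  "extensions"          : [
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2]
    },
  ]
}
)
javax.net.ssl|FINE|01|main|2021-07-16 10:07:13.776 IST|Alert.java:238|Received alert message (
"Alert": {
  "level"      : "fatal",
  "description": "handshake_failure"
}
'''

HEADER = re.compile(r'^javax\.net\.ssl\|\w+\|[^|]*\|[^|]*\|[^|]*\|([\w.]+):\d+\|(.*)$')
TLS13_SUITES = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"}

def records(log):
    """Group lines into [source_file, text] records; record bodies span several lines."""
    out = []
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            out.append([m.group(1), m.group(2)])
        elif out:
            out[-1][1] += "\n" + line
    return out

def bracket_list(body, key):
    """Return the items of the first [a, b, ...] list that follows the named key."""
    m = re.search(r'"%s[^"]*"[^\[]*\[([^\]]*)\]' % re.escape(key), body)
    return [re.sub(r'\(0x\w+\)', '', x).strip() for x in m.group(1).split(",")] if m else []

def triage(log):
    """Summarise the client's offer and received alerts; flag TLSv1.3 offered without a TLS 1.3 suite."""
    s = {"versions": [], "suites": [], "alerts": []}
    for src, body in records(log):
        if src == "ClientHello.java" and '"ClientHello"' in body:
            s["versions"], s["suites"] = bracket_list(body, "supported_versions"), bracket_list(body, "cipher suites")
        elif src == "Alert.java":
            s["alerts"].append(tuple(re.findall(r'"(?:level|description)"\s*:\s*"([^"]+)"', body)))
    s["tls13_without_suite"] = "TLSv1.3" in s["versions"] and not TLS13_SUITES & set(s["suites"])
    return s
```

Running `triage` over the failing and the working run's debug output gives two summaries that can be compared field by field.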



Comments
Currently, this test case is passing on 11.0.25, 17.0.13, 21.0.5 and 23.0.1, and only failing on 1.8.0_431.
12-12-2024

This may be a duplicate of JDK-8241360.
19-07-2021

The observations on Windows 10:
JDK 8: Received SSLHandshakeException: Received fatal alert: handshake_failure
JDK 11: Passed.
16-07-2021