The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
Yes, on JDK 11 javax/net/ssl/DTLS/NoMacInitialClientHello.java and javax/net/ssl/DTLS/InvalidRecords.java tests depend on DTLS 1.0. I don't recollect the reason for the difference in test behavior on earlier releases.
15-04-2024
Hi [~mullan], thanks for the hint, adding that the tests pass!
Good to know it's just a test issue. I have been looking for differences in the tests, but could not spot a related difference. So it still would be good to understand.
10-04-2024
[~goetz] Yes, on JDK 11 those tests depend on DTLS 1.0 being enabled, so you need to remove it from the disabled list. You can add this statement to the main method of each of the tests:
`SecurityUtils.removeFromDisabledTlsAlgs("DTLSv1.0");`
I can't recall the reason why they behave differently on earlier releases, possibly the tests are a bit different and don't have updates from later JDK versions. [~coffeys] or [~pkoppula] do you recall why?
10-04-2024
Hi Prasadarao, [~pkoppula][~mullan]
I backported "8256660: Disable DTLS 1.0" to jdk11u. This is quite trivial ...
https://github.com/openjdk/jdk11u-dev/pull/2584
Nevertheless I get an unexpected jtreg test failure in two tests:
javax/net/ssl/DTLS/NoMacInitialClientHello.java
javax/net/ssl/DTLS/InvalidRecords.java
Both tests are quite similar.
With disabled DTLS 1.0, the tests fail because they can not
negotiate a protocol:
Server: Negotiated protocol is NONE
Server: Negotiated cipher suite is SSL_NULL_WITH_NULL_NULL
While in jdk17 (with DTLS 1.0 disabled) and jdk11 before this
change, the result is:
Server: Negotiated protocol is DTLSv1.2
Server: Negotiated cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Other tests in 11 (with the change) negotiate the same
protocols, e.g. javax/net/ssl/DTLS/ClientAuth.java. So this
basically works.
You backported this to jdk11u-oracle. Did you encounter
a similar issue? Do the tests need some adaption, although
they are equal to the tests in 17?
I would appreciate if you can share your experience here!
The detailed output:
#section:main
----------messages:(7/472)----------
command: main -Djdk.tls.client.enableStatusRequestExtension=false NoMacInitialClientHello
reason: User specified action: run main/othervm -Djdk.tls.client.enableStatusRequestExtension=false NoMacInitialClientHello
started: Tue Apr 09 15:26:56 CEST 2024
Mode: othervm [/othervm specified]
Additional options from @modules: --add-modules java.base --add-exports java.base/sun.security.util=ALL-UNNAMED
finished: Tue Apr 09 15:27:09 CEST 2024
elapsed time (seconds): 12.801
----------configuration:(4/111)----------
Boot Layer
add modules: java.base
add exports: java.base/sun.security.util ALL-UNNAMED
----------System.out:(46/3562)*----------
Server: =======handshake(1, NEED_UNWRAP)=======
Server: Receive DTLS records, handshake status is NEED_UNWRAP
Client: =======handshake(1, NEED_WRAP)=======
Client: ----produce handshake packet(1, OK, NEED_UNWRAP)----
Client: SSLEngineResult status OK
invalidate ClientHello message
Client: Produced 1 packets
Client: =======handshake(2, NEED_UNWRAP)=======
Client: Receive DTLS records, handshake status is NEED_UNWRAP
Server: SSLEngineResult status OK
Server: =======handshake(2, NEED_TASK)=======
Server: =======handshake(3, NOT_HANDSHAKING)=======
Server: Handshake status is NOT_HANDSHAKING, finish the loop
Server: Handshake finished, status is NOT_HANDSHAKING
Server: Negotiated protocol is NONE
Server: Negotiated cipher suite is SSL_NULL_WITH_NULL_NULL
Client: Warning: java.net.SocketTimeoutException: Receive timed out
Client: ----produce handshake packet(1, OK, NEED_UNWRAP)----
Client: SSLEngineResult status OK
Client: Reproduced 1 packets
Reproduced packet
0: 16 fe fd 00 00 00 00 00 00 00 01 01 11 01 00 01 // \\syn\\254\\253\\nul\\nul\\nul\\nul\\nul\\nul\\nul\\soh\\soh\\dc1\\soh\\nul\\soh
16: 05 00 00 00 00 00 00 01 05 fe fd 8a 14 9f ff a3 // \\enq\\nul\\nul\\nul\\nul\\nul\\nul\\soh\\enq\\254\\253\\138\\dc4\\159\\255\\163
32: 9e 19 0b ae 66 1f 9c 18 e8 d3 bf ae 0d 6e 22 ee // \\158\\em\\vt\\174f\\us\\156\\can\\232\\211\\191\\174\\rn"\\238
48: ed 82 fe 6c 75 01 bb a8 7a b5 3c 00 00 00 5c c0 // \\237\\130\\254lu\\soh\\187\\168z\\181<\\nul\\nul\\nul\\\\192
64: 2c c0 2b cc a9 c0 30 cc a8 c0 2f 00 9f cc aa 00 // ,\\192+\\204\\169\\1920\\204\\168\\192/\\nul\\159\\204\\170\\nul
80: a3 00 9e 00 a2 c0 24 c0 28 c0 23 c0 27 00 6b 00 // \\163\\nul\\158\\nul\\162\\192$\\192(\\192#\\192'\\nulk\\nul
96: 6a 00 67 00 40 c0 2e c0 32 c0 2d c0 31 c0 26 c0 // j\\nulg\\nul@\\192.\\1922\\192-\\1921\\192&\\192
112: 2a c0 25 c0 29 c0 0a c0 14 c0 09 c0 13 00 39 00 // *\\192%\\192)\\192\\n\\192\\dc4\\192\\t\\192\\dc3\\nul9\\nul
128: 38 00 33 00 32 c0 05 c0 0f c0 04 c0 0e 00 9d 00 // 8\\nul3\\nul2\\192\\enq\\192\\si\\192\\eot\\192\\so\\nul\\157\\nul
144: 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 7f 00 // \\156\\nul=\\nul<\\nul5\\nul/\\nul\\255\\soh\\nul\\nul\\127\\nul
160: 0a 00 16 00 14 00 1d 00 17 00 18 00 19 00 1e 01 // \\n\\nul\\syn\\nul\\dc4\\nul\\gs\\nul\\etb\\nul\\can\\nul\\em\\nul\\rs\\soh
176: 00 01 01 01 02 01 03 01 04 00 0b 00 02 01 00 00 // \\nul\\soh\\soh\\soh\\stx\\soh\\etx\\soh\\eot\\nul\\vt\\nul\\stx\\soh\\nul\\nul
192: 0d 00 28 00 26 04 03 05 03 06 03 08 04 08 05 08 // \\r\\nul(\\nul&\\eot\\etx\\enq\\etx\\ack\\etx\\b\\eot\\b\\enq\\b
208: 06 08 09 08 0a 08 0b 04 01 05 01 06 01 04 02 03 // \\ack\\b\\t\\b\\n\\b\\vt\\eot\\soh\\enq\\soh\\ack\\soh\\eot\\stx\\etx
224: 03 03 01 03 02 02 03 02 01 02 02 00 32 00 28 00 // \\etx\\etx\\soh\\etx\\stx\\stx\\etx\\stx\\soh\\stx\\stx\\nul2\\nul(\\nul
240: 26 04 03 05 03 06 03 08 04 08 05 08 06 08 09 08 // &\\eot\\etx\\enq\\etx\\ack\\etx\\b\\eot\\b\\enq\\b\\ack\\b\\t\\b
256: 0a 08 0b 04 01 05 01 06 01 04 02 03 03 03 01 03 // \\n\\b\\vt\\eot\\soh\\enq\\soh\\ack\\soh\\eot\\stx\\etx\\etx\\etx\\soh\\etx
272: 02 02 03 02 01 02 02 00 2b 00 03 02 fe fd // \\stx\\stx\\etx\\stx\\soh\\stx\\stx\\nul+\\nul\\etx\\stx\\254\\253
Attempt 1: Timeout occurred reading from socket.
Client: New handshake status is NEED_UNWRAP
Unexpected exception in server
Client: Handshake finished, status is NEED_UNWRAP
Client: Negotiated protocol is NONE
Client: Negotiated cipher suite is SSL_NULL_WITH_NULL_NULL
Unexpected exception in client.
----------System.err:(53/3903)----------
java.lang.Exception: Unexpected handshake status NEED_UNWRAP
at DTLSOverDatagram.handshake(DTLSOverDatagram.java:265)
at DTLSOverDatagram.doClientSide(DTLSOverDatagram.java:121)
at DTLSOverDatagram.runClient(DTLSOverDatagram.java:581)
at DTLSOverDatagram.runTest(DTLSOverDatagram.java:551)
at NoMacInitialClientHello.main(NoMacInitialClientHello.java:50)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
at java.base/java.lang.Thread.run(Thread.java:829)
javax.net.ssl.SSLHandshakeException: The client supported protocol versions [DTLSv1.0] are not accepted by server preferences [DTLS12]
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:347)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:303)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:294)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.negotiateProtocol(ClientHello.java:905)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:821)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:802)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1076)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1063)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1010)
at DTLSOverDatagram.runDelegatedTasks(DTLSOverDatagram.java:486)
at DTLSOverDatagram.handshake(DTLSOverDatagram.java:232)
at DTLSOverDatagram.doServerSide(DTLSOverDatagram.java:101)
at DTLSOverDatagram.runServer(DTLSOverDatagram.java:560)
at DTLSOverDatagram.lambda$runTest$0(DTLSOverDatagram.java:547)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
java.lang.Exception: Unexpected handshake status NEED_UNWRAP
at DTLSOverDatagram.handshake(DTLSOverDatagram.java:265)
at DTLSOverDatagram.doClientSide(DTLSOverDatagram.java:121)
at DTLSOverDatagram.runClient(DTLSOverDatagram.java:581)
at DTLSOverDatagram.runTest(DTLSOverDatagram.java:551)
at NoMacInitialClientHello.main(NoMacInitialClientHello.java:50)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
at java.base/java.lang.Thread.run(Thread.java:829)
JavaTest Message: Test threw exception: java.lang.Exception: Unexpected handshake status NEED_UNWRAP
JavaTest Message: shutting down test
STATUS:Failed.`main' threw exception: java.lang.Exception: Unexpected handshake status NEED_UNWRAP
----------rerun:(36/3011)*----------
cd .../jtreg-clx209-11/scratch/0 && \\
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/13052/bus \\
DISPLAY=localhost:13.0 \\
HOME=... \\
LANG=en_US.UTF-8 \\
LC_CTYPE=en_US.UTF-8 \\
PATH=/bin:/usr/bin:/usr/sbin \\
XDG_CONFIG_DIRS=/etc/xdg \\
XDG_DATA_DIRS=.../.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share:/usr/share:/usr/share/gnome \\
XDG_RUNTIME_DIR=/run/user/13052 \\
XDG_SESSION_CLASS=user \\
XDG_SESSION_ID=824 \\
XDG_SESSION_TYPE=tty \\
CLASSPATH=.../jtreg-clx209-11/classes/0/javax/net/ssl/DTLS/NoMacInitialClientHello.d:.../test/jdk/javax/net/ssl/DTLS:.../jtreg-clx209-11/classes/0/test/lib:.../test/lib:.../tools/jtreg-7.3.1+1/lib/jtreg.jar \\
.../build/linux_x86_64-normal-server-slowdebug-clx209/images/jdk/bin/java \\
-Dtest.vm.opts= \\
-Dtest.tool.vm.opts= \\
-Dtest.compiler.opts= \\
-Dtest.java.opts= \\
-Dtest.jdk=.../build/linux_x86_64-normal-server-slowdebug-clx209/images/jdk \\
-Dcompile.jdk=.../build/linux_x86_64-normal-server-slowdebug-clx209/images/jdk \\
-Dtest.timeout.factor=5.0 \\
-Dtest.nativepath=...nb/linux_x86_64/jdk11u-dev-dbg/images/test/jdk/jtreg/native \\
-Dtest.root=.../test/jdk \\
-Dtest.name=javax/net/ssl/DTLS/NoMacInitialClientHello.java \\
-Dtest.file=.../test/jdk/javax/net/ssl/DTLS/NoMacInitialClientHello.java \\
-Dtest.src=.../test/jdk/javax/net/ssl/DTLS \\
-Dtest.src.path=.../test/jdk/javax/net/ssl/DTLS:.../test/lib \\
-Dtest.classes=.../jtreg-clx209-11/classes/0/javax/net/ssl/DTLS/NoMacInitialClientHello.d \\
-Dtest.class.path=.../jtreg-clx209-11/classes/0/javax/net/ssl/DTLS/NoMacInitialClientHello.d:.../jtreg-clx209-11/classes/0/test/lib \\
-Dtest.modules=java.base/sun.security.util \\
--add-modules java.base \\
--add-exports java.base/sun.security.util=ALL-UNNAMED \\
-Djava.library.path=...nb/linux_x86_64/jdk11u-dev-dbg/images/test/jdk/jtreg/native \\
-Djdk.tls.client.enableStatusRequestExtension=false \\
com.sun.javatest.regtest.agent.MainWrapper .../jtreg-clx209-11/javax/net/ssl/DTLS/NoMacInitialClientHello.d/main.2.jta
result: Failed. Execution failed: `main' threw exception: java.lang.Exception: Unexpected handshake status NEED_UNWRAP
test result: Failed. Execution failed: `main' threw exception: java.lang.Exception: Unexpected handshake status NEED_UNWRAP