info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
TLS 1.3 not selected with java 15
194 views
Skip to first unread message
mike
Jul 14, 2022, 10:27:24 AM7/14/22
to
Hi,
I enable java TLS 1.3 using:
systemProperties.put("jdk.tls.client.protocols", "TLSv1.3");
It works fine when I run it with JDK 11.
I can see the following in log:
"supported_versions (43)": {
"versions": [TLSv1.3]
},
Then when I run my tests with JDK 15 and try to setup my client for TLS 1.3.
I can see the following in log:
"supported_versions (43)": {
"versions": [TLSv1.2]
}
Which, AFAIK, means client supports only TLS 1.2
Can anyone explain why this happens in JDK 15? I am really puzzled.
//mike
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:305|No available cipher suite for TLSv1.3
javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:394|Ignore unsupported signature scheme: ed25519
javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:394|Ignore unsupported signature scheme: ed448
javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:413|Ignore disabled signature scheme: rsa_md5
javax.net.ssl|INFO|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|AlpnExtension.java:182|No available application protocols
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SessionTicketExtension.java:408|Stateless resumption supported
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.842 CEST|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "FC 46 09 1C B5 8B C0 33 D1 51 19 E4 CC F5 A0 CC 4B 8A 28 C0 DE 35 E0 59 6B 46 A2 D8 5F E3 7E A0",
"session id" : "",
"cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=seroius07825.sero.gic.ericsson.se
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"session_ticket (35)": {
<empty>
},
"supported_versions (43)": {
"versions": [TLSv1.2]
}
]
I enable java TLS 1.3 using:
systemProperties.put("jdk.tls.client.protocols", "TLSv1.3");
It works fine when I run it with JDK 11.
I can see the following in log:
"supported_versions (43)": {
"versions": [TLSv1.3]
},
Then when I run my tests with JDK 15 and try to setup my client for TLS 1.3.
I can see the following in log:
"supported_versions (43)": {
"versions": [TLSv1.2]
}
Which, AFAIK, means client supports only TLS 1.2
Can anyone explain why this happens in JDK 15? I am really puzzled.
//mike
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV for TLSv1.3
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:305|No available cipher suite for TLSv1.3
javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:394|Ignore unsupported signature scheme: ed25519
javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:394|Ignore unsupported signature scheme: ed448
javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:413|Ignore disabled signature scheme: rsa_md5
javax.net.ssl|INFO|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|AlpnExtension.java:182|No available application protocols
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SessionTicketExtension.java:408|Stateless resumption supported
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.842 CEST|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "FC 46 09 1C B5 8B C0 33 D1 51 19 E4 CC F5 A0 CC 4B 8A 28 C0 DE 35 E0 59 6B 46 A2 D8 5F E3 7E A0",
"session id" : "",
"cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=seroius07825.sero.gic.ericsson.se
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"session_ticket (35)": {
<empty>
},
"supported_versions (43)": {
"versions": [TLSv1.2]
}
]
mike
Jul 15, 2022, 4:52:33 AM7/15/22
to
I have now done more investigations and it does not seem related to the openjdk version. Here is my summary.
Any help/ideas is appreciated.
I hope it is more clear what the issue is.
//Mike
No available cipher suite for TLSv1.3 when runnning Tls13Test with maven but not as a single test in Eclipse.
Two unit tests each has it's onwn connections setup.
public void verifyTls13() throws Exception {
systemProperties.put("jdk.tls.client.protocols", "TLSv1.3");
System.setProperties(systemProperties);
System.out.println("Property TLS: " + System.getProperty("jdk.tls.client.protocols"));
Session session = client.openTlsSession(properties);
}
public void verifyTls12() throws Exception {
systemProperties.put("jdk.tls.client.protocols", "TLSv1.2");
System.setProperties(systemProperties);
System.out.println("Property TLS: " + System.getProperty("jdk.tls.client.protocols"));
Session session = client.openTlsSession(properties);
}
The socket for client using TLS is created with:
private static final String[] VERSIONS = new String[] { "TLSv1.2", "TLSv1.3" };
socket = getSSLSocketFactory().createSocket();
socket.connect(new InetSocketAddress(getHost(), getPort()), getConnectTimeoutMillis());
socket.setSoTimeout(1);
((SSLSocket) socket).setEnabledProtocols(VERSIONS);
Java version Vendor Windows Execution Result Chiper suites Supported versions
11.0.15 Azul Systems Win10 TestNG in Eclipse ( on single unit test with tls 1.3) ok "cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]" "versions": [TLSv1.3]
11.0.15 Azul Systems Win10 maven clean test nok javax.net.ssl|DEBUG|48|pool-27-thread-1|2022-07-15 10:07:37.459 CEST|HandshakeContext.java:305|No available cipher suite for TLSv1.3 "versions": [TLSv1.2]
When running 'maven clean test'
I can see in log that verifyTls12 has not been executed before so jdk.tls.client.protocols is not set to forcing TLS1.2
What am I missing here?
Single TestNG test log
======================
javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.510 CEST|SSLExtension.java:824|System property jdk.tls.client.disableExtensions is set to 'null'
javax.net.ssl|WARNING|53|pool-6-thread-1|2022-07-14 16:06:13.511 CEST|ServerNameExtension.java:266|Unable to indicate server name
javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.511 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: server_name
javax.net.ssl|INFO|53|pool-6-thread-1|2022-07-14 16:06:13.513 CEST|AlpnExtension.java:182|No available application protocols
javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.513 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:417|Ignore inactive signature scheme: dsa_sha256
javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:393|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:393|Ignore unsupported signature scheme: rsa_sha224
javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:393|Ignore unsupported signature scheme: dsa_sha224
javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.517 CEST|SignatureScheme.java:417|Ignore inactive signature scheme: dsa_sha1
javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.517 CEST|SignatureScheme.java:417|Ignore inactive signature scheme: rsa_md5
javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.518 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.552 CEST|PreSharedKeyExtension.java:661|No session to resume.
javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.553 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.555 CEST|ClientHello.java:641|Produced ClientHello handshake message (
"session id" : "A567033F5D72F3DF3E3B6694E1D2C0F945ED426B69E85546F2FD138C5698B9B6",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
"ke_modes": [psk_dhe_ke]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
"key_share (51)": {
"client_shares": [
{
"named group": x25519
"key_exchange": {
0000: A1 2A 36 81 E0 84 49 13 3E 60 46 51 92 04 E4 C4 .*6...I.>`FQ....
0010: 80 08 15 E0 4B 9E 7C 39 B7 9B EE 38 E8 0B 71 5D ....K..9...8..q]
}
},
{
"named group": secp256r1
"key_exchange": {
0000: 04 DF 0C 96 B6 99 02 B1 A0 57 86 CA DA 32 8D 93 .........W...2..
0010: 9D CF 6A 7B 47 28 FD 5F 23 C3 20 EC 8E DA 83 BE ..j.G(._#. .....
0020: DB E0 F8 9E 20 CB A3 70 CB 35 FF 75 62 3C 58 20 .... ..p.5.ub<X
0030: 64 B1 CC 50 29 37 00 FA E2 9B 28 C5 8C 5F 24 BA d..P)7....(.._$.
0040: 6B
}
},
]
}
]
}
)
'maven clean test' log
======================
Any help/ideas is appreciated.
I hope it is more clear what the issue is.
//Mike
No available cipher suite for TLSv1.3 when runnning Tls13Test with maven but not as a single test in Eclipse.
Two unit tests each has it's onwn connections setup.
public void verifyTls13() throws Exception {
systemProperties.put("jdk.tls.client.protocols", "TLSv1.3");
System.out.println("Property TLS: " + System.getProperty("jdk.tls.client.protocols"));
Session session = client.openTlsSession(properties);
}
public void verifyTls12() throws Exception {
systemProperties.put("jdk.tls.client.protocols", "TLSv1.2");
System.setProperties(systemProperties);
System.out.println("Property TLS: " + System.getProperty("jdk.tls.client.protocols"));
Session session = client.openTlsSession(properties);
}
The socket for client using TLS is created with:
private static final String[] VERSIONS = new String[] { "TLSv1.2", "TLSv1.3" };
socket = getSSLSocketFactory().createSocket();
socket.connect(new InetSocketAddress(getHost(), getPort()), getConnectTimeoutMillis());
socket.setSoTimeout(1);
((SSLSocket) socket).setEnabledProtocols(VERSIONS);
Java version Vendor Windows Execution Result Chiper suites Supported versions
11.0.15 Azul Systems Win10 TestNG in Eclipse ( on single unit test with tls 1.3) ok "cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]" "versions": [TLSv1.3]
11.0.15 Azul Systems Win10 maven clean test nok javax.net.ssl|DEBUG|48|pool-27-thread-1|2022-07-15 10:07:37.459 CEST|HandshakeContext.java:305|No available cipher suite for TLSv1.3 "versions": [TLSv1.2]
When running 'maven clean test'
I can see in log that verifyTls12 has not been executed before so jdk.tls.client.protocols is not set to forcing TLS1.2
What am I missing here?
Single TestNG test log
======================
javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.510 CEST|SSLExtension.java:824|System property jdk.tls.client.disableExtensions is set to 'null'
javax.net.ssl|WARNING|53|pool-6-thread-1|2022-07-14 16:06:13.511 CEST|ServerNameExtension.java:266|Unable to indicate server name
javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.511 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: server_name
javax.net.ssl|INFO|53|pool-6-thread-1|2022-07-14 16:06:13.513 CEST|AlpnExtension.java:182|No available application protocols
javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.513 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:417|Ignore inactive signature scheme: dsa_sha256
javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:393|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:393|Ignore unsupported signature scheme: rsa_sha224
javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:393|Ignore unsupported signature scheme: dsa_sha224
javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.517 CEST|SignatureScheme.java:417|Ignore inactive signature scheme: dsa_sha1
javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.517 CEST|SignatureScheme.java:417|Ignore inactive signature scheme: rsa_md5
javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.518 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.552 CEST|PreSharedKeyExtension.java:661|No session to resume.
javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.553 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.555 CEST|ClientHello.java:641|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "C29CB7B08F99A229E9199175DE1B51CAD3A7562C2FC2EDF24FA9C7975442C722",
"client version" : "TLSv1.2",
"session id" : "A567033F5D72F3DF3E3B6694E1D2C0F945ED426B69E85546F2FD138C5698B9B6",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
"compression methods" : "00",
"extensions" : [
"extensions" : [
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"signature_algorithms (13)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
"supported_versions (43)": {
"versions": [TLSv1.3]
},
"psk_key_exchange_modes (45)": {
"versions": [TLSv1.3]
},
"ke_modes": [psk_dhe_ke]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
"key_share (51)": {
"client_shares": [
{
"named group": x25519
"key_exchange": {
0000: A1 2A 36 81 E0 84 49 13 3E 60 46 51 92 04 E4 C4 .*6...I.>`FQ....
0010: 80 08 15 E0 4B 9E 7C 39 B7 9B EE 38 E8 0B 71 5D ....K..9...8..q]
}
},
{
"named group": secp256r1
"key_exchange": {
0000: 04 DF 0C 96 B6 99 02 B1 A0 57 86 CA DA 32 8D 93 .........W...2..
0010: 9D CF 6A 7B 47 28 FD 5F 23 C3 20 EC 8E DA 83 BE ..j.G(._#. .....
0020: DB E0 F8 9E 20 CB A3 70 CB 35 FF 75 62 3C 58 20 .... ..p.5.ub<X
0030: 64 B1 CC 50 29 37 00 FA E2 9B 28 C5 8C 5F 24 BA d..P)7....(.._$.
0040: 6B
}
},
]
}
]
}
)
'maven clean test' log
======================
mike
Jul 18, 2022, 2:39:53 AM7/18/22
to
systemProperties.put("jdk.tls.client.protocols", "TLSv1.3");
Could this be the reason?
//mike
mike
Jul 18, 2022, 4:28:29 AM7/18/22
to
Arne Vajhøj
Jul 18, 2022, 7:50:32 PM7/18/22
to
Should be easy to test.
> So is it possible to run one unit test in a separate jvm?
One solution: two test suites that are run independently.
Another solution: ant junit task with fork="on" and forknode="perTest".
Arne
0 new messages