My Oracle Support Banner

[Java SE] TLS 1.3 Handshake Failing For Middlebox Compatibility Mode (Doc ID 3016653.1)

Last updated on APRIL 30, 2024

Applies to:

Java SE JDK and JRE - Version 8 and later
Information in this document applies to any platform.

Symptoms

An implementation of TLS 1.3 (RFC 8446) has been included in JDK 8 based on RFC 8446 specification.

According to RFC 8446 (Transport Layer Security (TLS) Protocol Version 1.3) Appendix D.4 (Middlebox Compatibility Mode), if the client sends a non-empty session ID in the ClientHello message, the server sends a dummy change_cipher_spec (CCS) record immediately after its first handshake message. This may either be after a ServerHello or a HelloRetryRequest. However, while verifying this feature, it was found that the JDK server failed to send a dummy change_cipher_spec record after receiving the HelloRetryRequest message.

Changes

TLS 1.3 implementation included in JDK version 8u261.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.