Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 1.12.8, 1.12.9, 1.13.7, 1.13.8, 1.14.3, 1.14.4, 1.15.0
Description
When SSL endpoint verification is enabled, the configured protocols and cipher suites are discarded and the SSLContext's client-mode defaults are used instead. This makes JDK upgrades difficult, because a newer JDK may ship different defaults for client mode and server mode SSL.
Oracle JDK 1.8.0_u261 and OpenJDK 1.8.0_u272 replaced the SSL implementation with a backport from Java 11. This changed the default server protocols from [SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2] to [TLSv1.3, TLSv1.2, SSLv2Hello] and the default client protocols to [TLSv1.3, TLSv1.2]. With this bug the server protocols get reset to the client protocols, dropping support for the SSLv2Hello pseudo-protocol, which is the first-priority protocol by default in the old JDK.
The result is a handshake failure with the following exception:
javax.net.ssl.SSLHandshakeException: SSLv2Hello is not enabled
To reproduce, enable endpoint validation in your SSL configuration and set your protocols to `any`. Start the first locator with a JDK older than 1.8.0_u261, then start a second locator with a JDK at least as new as 1.8.0_u272.
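The generic JSSE pitfall behind this report, as an added example that is not Geode's code: `SSLContext.getDefaultSSLParameters()` returns the context's client-mode defaults, so building the endpoint-verification parameters from it and applying them to a server socket silently replaces whatever protocols and cipher suites were configured on that socket. The corrected path starts from the socket's own `getSSLParameters()` and only adds the endpoint identification algorithm. The protocol list, method names and class name are constructed for illustration; the exact code path inside Geode is not shown on this page and is not assumed here.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class EndpointVerificationProtocols {

    // Constructed example of an operator-configured server protocol list.
    // (Not Geode's configuration; "any" in Geode terms means the JDK server defaults.)
    static final String[] CONFIGURED_PROTOCOLS = {"TLSv1.2", "SSLv2Hello"};

    /**
     * Pitfall: SSLContext.getDefaultSSLParameters() describes the *client-mode*
     * defaults. Applying it to a server socket overwrites the protocols and cipher
     * suites that were configured earlier, which is the failure this ticket describes.
     */
    static SSLParameters buggyEnableEndpointVerification(SSLContext ctx, SSLServerSocket socket) {
        SSLParameters params = ctx.getDefaultSSLParameters(); // client-mode defaults
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params); // drops CONFIGURED_PROTOCOLS
        return params;
    }

    /**
     * Corrected: take the socket's current parameters, which already carry the
     * configured protocols and cipher suites, and add only the endpoint
     * identification algorithm.
     */
    static SSLParameters fixedEnableEndpointVerification(SSLServerSocket socket) {
        SSLParameters params = socket.getSSLParameters(); // reflects configuration
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        return params;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException, IOException {
        SSLContext ctx = SSLContext.getDefault();
        SSLServerSocketFactory factory = ctx.getServerSocketFactory();

        // Client-mode vs server-mode defaults differ (on 8u261+/11 the server list
        // includes SSLv2Hello, the client list does not).
        System.out.println("client-mode defaults: "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
        try (SSLServerSocket s = (SSLServerSocket) factory.createServerSocket(0)) {
            System.out.println("server-mode defaults: " + Arrays.toString(s.getEnabledProtocols()));
        }

        try (SSLServerSocket s = (SSLServerSocket) factory.createServerSocket(0)) {
            s.setEnabledProtocols(CONFIGURED_PROTOCOLS);
            buggyEnableEndpointVerification(ctx, s);
            System.out.println("after buggy path:     " + Arrays.toString(s.getEnabledProtocols()));
        }

        try (SSLServerSocket s = (SSLServerSocket) factory.createServerSocket(0)) {
            s.setEnabledProtocols(CONFIGURED_PROTOCOLS);
            fixedEnableEndpointVerification(s);
            System.out.println("after fixed path:     " + Arrays.toString(s.getEnabledProtocols()));
        }
    }
}
```

Run it on an older and a newer JDK side by side: the "buggy path" line changes with the JDK's client defaults and loses SSLv2Hello, while the "fixed path" line always shows the configured list. A quick regression check for a deployment is to log the socket's `getEnabledProtocols()` after endpoint verification is applied and compare it with the configured value.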
Attachments
Issue Links
- is blocked by: GEODE-10015 gfsh does not send hostname in SNI header (Closed)
- is caused by: GEODE-8419 SSL/TLS protocol and cipher suite configuration is ignored (Closed)
- is contained by: GEODE-10200 [CI Failure] : SocketCreatorUpgradeTest > upgradingToNewGeodeAndNewJavaWithProtocolsAny[1.14.0] FAILED (Resolved)
- links to