It looks like they did this in order to backport TLS 1.3 to JDK8: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-November/010573.html
The problem is that nothing in the TLS 1.3 spec requires ALPN. It's not listed as a mandatory extension, and there are no MUSTs elsewhere in the spec suggesting that ALPN is required for anything. Can anyone else make any sense of this? On Sat, Jun 6, 2020 at 10:51 AM Ryan Schmitt <[email protected]> wrote: > *Now* they do this? Where was this change three years ago? > > https://bugs.openjdk.java.net/browse/JDK-8233417 > > On Sat, Jun 6, 2020 at 10:42 AM Michael Osipov <[email protected]> > wrote: > >> Am 2020-06-05 um 19:05 schrieb Oleg Kalnichevski: >> > On Fri, 2020-06-05 at 11:40 -0400, Gary Gregory wrote: >> >> On Fri, Jun 5, 2020 at 11:08 AM Oleg Kalnichevski <[email protected]> >> >> wrote: >> >> >> >>> On Fri, 2020-06-05 at 09:16 -0400, Gary Gregory wrote: >> >>>> I have a repeatable failure on Oracle Java 8 (jdk1.8.0_251). See >> >>>> *below*. >> >>>> It is fine on Oracle Java 11.0.7. >> >>>> Please advise. >> >>>> >> >>> >> >>> Do you have a custom JSSE provider installed by any chance? >> >>> >> >> >> >> Nope, I just installed this JDK a couple of days ago and I've not >> >> touched >> >> it. But to confirm, should I look for jars or config files that might >> >> have >> >> been altered somehow? >> >> >> > >> > No, there is no need. Basically your JDK comes with JSSE implementation >> > that supports ALPN extension, whatever that JSSE implementation might >> > be. Our tests are based on the assumption JRE < 9 not supporting ALPN. >> >> I can reproduce this: >> >> > [ERROR] Failures: >> > [ERROR] H2ProtocolNegotiationTest.testNegotiateProtocol:239 >> > Expected: <HTTP/1.1> >> > but: was <HTTP/2.0> >> > [INFO] >> > [ERROR] Tests run: 367, Failures: 1, Errors: 0, Skipped: 7 >> > [INFO] >> >> On: >> > $ mvn -v >> > Apache Maven 3.5.4 (1edded0938998edf8bf061f1ceb3cfdeccf443fe; >> 2018-06-17T20:33:14+02:00) >> > Maven home: /usr/local/apache-maven-3.5.4 >> > Java version: 1.8.0_252, vendor: The FreeBSD Project, runtime: >> /usr/local/openjdk8/jre >> > Default locale: de_DE, platform encoding: UTF-8 >> > OS name: "freebsd", version: "12.1-stable", arch: "amd64", family: >> "unix" >> >> which is a AdoptOpenJDK fork for FreeBSD. >> >> The reason is: >> > Java™ SE Development Kit 8, Update 251 (JDK 8u251) >> > >> > April 14, 2020 >> >> > New Features >> > security-libs/javax.net.ssl >> > ➜ TLS Application-Layer Protocol Negotiation Extension >> > >> > JEP 244 has enhanced the Java Secure Socket Extension (JSSE) to >> providesupport for the TLS Application-Layer Protocol Negotiation (ALPN) >> Extension (RFC 7301). New methods have been added to the javax.net.ssl >> classes SSLEngine, SSLSocket, and SSLParameters to allow clients and >> servers to negotiate an application layer value as part of the TLS >> handshake. >> > >> > This API change was required by JSR 337 MR 3. >> >> What now? Do we now need to check for the patch version? >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >>
