[Bug 69802] New: optional certificateVerification with TLS 1.3 gives a warning but it should work fine

Wed, 03 Sep 2025 03:59:40 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=69802

            Bug ID: 69802
           Summary: optional certificateVerification with TLS 1.3 gives a
                    warning but it should work fine
           Product: Tomcat 11
           Version: 11.0.10
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: gr.grzy...@gmail.com
  Target Milestone: -------

I wanted to use web.xml's login-config with CLIENT-CERT.

I've configured (server.xml):

<SSLHostConfig truststoreFile="..."
               truststorePassword="..."
               certificateVerification="optional"
               tls13RenegotiationAvailable="true"
               protocols="TLSv1.3"
               >

There's a warning printed:

The context [{0}] in virtual host [{1}] is configured to use CLIENT-CERT
authentication and [{2}] is configured to support TLS 1.3 using JSSE. Use of
CLIENT-CERT authentication is not compatible with the use of TLS 1.3 and JSSE
unless certificateVerification is set to required.

org.apache.tomcat.util.net.jsse.JSSEUtil#isTls13RenegAuthAvailable explicitly
returns "false"

However this configuration still works - with `javax.net.debug=all` I see
correct CertificateRequest message being sent and client responding with no
certificate without terminating TLS 1.3 handshake....

The explicit return if `false` dates back to 2019:
https://github.com/apache/tomcat/commit/4aac8d4b06bcf5a0ff5246d54d4fa4e00372f743

I see https://bugs.openjdk.org/browse/JDK-8206923 which is no longer at the
state "won't fix", but justifies lack of PHA with HTTP/2 requirements.
Especially:
 - https://www.rfc-editor.org/rfc/rfc8740.html#name-post-handshake-authenticati
 - https://www.rfc-editor.org/rfc/rfc9113#name-tls-13-features

However TLS 1.3 RFC defines two messages:
 - https://www.rfc-editor.org/rfc/rfc8446.html#section-4.3.2 -
`CertificateRequest` during handshake (just after `EncryptedExtensions`)
 - https://www.rfc-editor.org/rfc/rfc8446.html#section-4.6.2 - PHA -
`CertificateRequest` after handshake

https://bugs.openjdk.org/browse/JDK-8206923 is about PHA, not about sending (or
not) certificates DURING handshake in response of CertificateRequest.

https://openjdk.org/jeps/332 says explicitly that PHA is not supported and not
a goal of JEP 332 (TLS 1.3)

Looks like TLS 1.3 PHA:
 - is not implemented by JDK
 - is not suitable with HTTP/2

But there's nothing wrong with optional certificate authentication (thus
enabling CLIENT-CERT in web.xml) with _normal_ CertificateRequest...

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to