On 10/14/19 4:41 AM, Christian Schaefer wrote:
Hi all,

We have TLS connection issues when the server (openjdk version "1.8.0_222") runs in FIPS 140.2 mode. The error thrown on the server is:

“javax.net.ssl.SSLException: Unsupported record version SSLv3” (which originates from: sun.security.ssl.InputRecord.checkRecordVersion(…))

This error only happens when the server JRE runs in FIPS 140.2 mode. This is because of the following code in class sun.security.ssl.ProtocolVersion:

     // minimum version we implement (SSL 3.0)
     final static ProtocolVersion MIN = FIPS ? TLS10 : SSL30;

Our server **only** allows TLS 1.2 as TLS protocol version; however, if I have the correct understanding of the TLS 1.2 specification, enforcing a record version of (at least) TLS10 seems to violate the specification (https://tools.ietf.org/html/rfc5246#appendix-E.1):

   […] Thus, TLS servers compliant with this specification MUST accept any value {03,XX} as the record layer version number for ClientHello. […]

(Appendix E.  Backward Compatibility - E.1.  Compatibility with TLS 1.0/1.1 and SSL 3.0)
Is this something which should be fixed in the JRE? Or is the behavior of the client wrong?

Are you referring to the "FIPS 140 Compliant Mode for SunJSSE"? Note that this was documented as an "experimental" feature and has since been removed from the JDK [1]. However, one of the behavior differences of this mode was documented as:

"Only TLS 1.0 and later can be used. SSL 2.0 and SSL 3.0 are not available. Any attempt to enable SSL 2.0 or 3.0 will fail with an exception."

Can you give more info as to why SSLv3.0 is being used, since it has well-documented security weaknesses and should really no longer be used?

Thanks,
Sean

[1] https://bugs.openjdk.java.net/browse/JDK-8217907
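
The two version fields this thread turns on, as an added example that is not part of either message and is not JDK source: the record-layer version in the 5-byte record header and `ClientHello.client_version` inside the handshake body are separate values, and RFC 5246 E.1 constrains only the former to `{03,XX}`. The class, method names and sample bytes are constructed for illustration; `strictAccepts` only models the behaviour reported above.

```java
// Added illustration, not JDK source. All names here are hypothetical.
public class RecordVersionCheck {
    static final int SSL30 = 0x0300, TLS10 = 0x0301, TLS12 = 0x0303;

    // Constructed sample: the first 11 bytes of a TLS record carrying a ClientHello.
    // Record header:    type 0x16 (handshake), version, length 0x002f
    // Handshake header: type 0x01 (ClientHello), length 0x00002b, then client_version
    static byte[] hello(int recordVer, int clientVer) {
        return new byte[] {
            0x16, (byte) (recordVer >> 8), (byte) recordVer, 0x00, 0x2f,
            0x01, 0x00, 0x00, 0x2b, (byte) (clientVer >> 8), (byte) clientVer };
    }

    static int recordVersion(byte[] rec) {
        if (rec.length < 11 || rec[0] != 0x16 || rec[5] != 0x01)
            throw new IllegalArgumentException("not a ClientHello record");
        return ((rec[1] & 0xff) << 8) | (rec[2] & 0xff);
    }

    static int clientVersion(byte[] rec) {
        recordVersion(rec); // reuse the sanity checks
        return ((rec[9] & 0xff) << 8) | (rec[10] & 0xff);
    }

    // Models the behaviour reported in the thread: record version must be >= MIN.
    static boolean strictAccepts(byte[] rec, int min) {
        return recordVersion(rec) >= min;
    }

    // RFC 5246 E.1 reading: any {03,XX} is fine on the ClientHello record;
    // the protocol floor is enforced on ClientHello.client_version instead.
    static boolean rfcAccepts(byte[] rec, int floor) {
        return (recordVersion(rec) >> 8) == 0x03 && clientVersion(rec) >= floor;
    }

    public static void main(String[] args) {
        int[][] cases = { {SSL30, TLS12}, {TLS10, TLS12}, {SSL30, SSL30} };
        for (int[] c : cases) {
            byte[] rec = hello(c[0], c[1]);
            System.out.printf("record=%04x client_version=%04x strict(MIN=TLS10)=%b rfc(floor=TLS12)=%b%n",
                recordVersion(rec), clientVersion(rec),
                strictAccepts(rec, TLS10), rfcAccepts(rec, TLS12));
        }
    }
}
```

The first case (record `{03,00}`, client_version TLS 1.2) is refused only by the strict check, while the third (a genuine SSL 3.0 offer) is refused by both, so accepting `{03,00}` at the record layer does not by itself permit SSL 3.0 to be negotiated.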
