Does the JSSE in Oracle JDK8 implements TLS Fallback SCSV?

About

Asked 27/6, 2017 at 12:49 Answered 27/6, 2017 at 14:19

It looks like JSSE in OpenJDK version 8 does not implement RFC7507. There is an open defect in OpenJDK bug tracker: JDK-8061798

But there is not much information about the Oracle JDK. Does the Oracle JDK version 8 implement TLS Fallback Signaling Cipher Suite Value (SCSV)? And if it does how this feature can be enabled?

Weakfish answered 27/6, 2017 at 12:49 Comment(3)

Have you found any patch support for TLS Fallback SCSV for Oracle JDK8? – Tussis 7/10, 2017 at 13:2

@Tussis no, unfortunately not. And it looks like that this feature won't be added in further JDK releases as it is almost not supported by major browsers. – Weakfish 3/5, 2018 at 14:58

Too bad it's impossible to achieve the A+ rating on ssllabs.com using JSSE. – Franek 28/10, 2018 at 8:13

I can find no evidence to suggest that the Oracle JDK 8 supports this feature.

It seems that the reason that the RFE in JDK-8061798 was not acted on is that this would be a breaking change. A comments on the above says:

As mentioned in the SSLParameters, this requires an API change for JDK 9, and likely can't be done for shipping JDK's.

UPDATE: The RFE was closed (WillNotFix) on 27th July 2017. The comments say that it was deemed unnecessary, since current mainstream web browsers no longer support this (legacy) feature. However comments say that if this changes, the RFE could be reopened.

Kennedy answered 27/6, 2017 at 14:19 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags