BoringSSL + TLSv1.2 client side SSL renegociation fails
See original GitHub issueExpected behavior
BoringSSL based SSLEngine should support SSL renegociation out of the box like the JDK one.
Actual behavior
SSLEngine and connection crashes during renegociation.
This issue was originally reported against Gatling, see https://github.com/gatling/gatling/issues/4120 for more details.
Steps to reproduce
See pure Netty reproducer below.
Minimal yet complete reproducer code (or URL to code)
https://github.com/slandelle/netty-ssl-renegociation
Netty version
4.1.66.Final
JVM version (e.g. java -version
)
openjdk version “1.8.0_292” OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_292-b10) OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.292-b10, mixed mode)
OS version (e.g. uname -a
)
Darwin Kernel Version 20.5.0: Sat May 8 05:10:33 PDT 2021; root:xnu-7195.121.3~9/RELEASE_X86_64 x86_64
Issue Analytics
- State:
- Created 2 years ago
- Comments:11 (11 by maintainers)
Top Results From Across the Web
ssl/test/runner/runner.go - boringssl - Git at Google
“:NO_SHARED_CIPHER:” (a BoringSSL error string) to something ... OpenSSL sends the status_request extension on resumption in TLS 1.2. Test that this is.
Read more >Rehash: How to Fix the SSL/TLS Handshake Failed Error
The TLS Handshake Failed error can originate from the client or the server, here's a guide for fixing the problem for both users...
Read more >Resolve the client SSL/TLS negotiation error when connecting ...
A client TLS negotiation error means that a TLS connection initiated by the client was unable to establish a session with the load...
Read more >TLS v1.3 error with certain endpoints - Description: Illegal ...
Unsupported TLS 1.2 ciphers would be ignored in the handshake as stated ... and AES256 with SHA384 but BoringSSL supports AES128 with SHA384 ......
Read more >TLS Client Hello Failed with serve… | Apple Developer Forums
2021-02-19 20:05:32.915327+0800 app[1915:295071] [boringssl] boringssl_session_handshake_incomplete(90) [C1:2][0x1229fea70] SSL library error.
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Again??? You’re just back! 😆
tcnative change that is needed: https://github.com/netty/netty-tcnative/pull/654