1. Forum
  2. Usenet
  3. COMP.LANG.JAVA.PROGRAMMER

  • TLS 1.3 not selected with java 15

    From mike@21:1/5 to All on Thu Jul 14 07:27:15 2022
    Hi,

    I enable java TLS 1.3 using:

    systemProperties.put("jdk.tls.client.protocols", "TLSv1.3");

    It works fine when I run it with JDK 11.

    I can see the following in log:

    "supported_versions (43)": {
    "versions": [TLSv1.3]
    },

    Then when I run my tests with JDK 15 and try to setup my client for TLS 1.3.

    I can see the following in log:

    "supported_versions (43)": {
    "versions": [TLSv1.2]
    }

    Which, AFAIK, means client supports only TLS 1.2

    Can anyone explain why this happens in JDK 15? I am really puzzled.

    //mike

    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:305|No available cipher suite for TLSv1.3
    javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:394|Ignore unsupported signature scheme: ed25519
    javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:394|Ignore unsupported signature scheme: ed448
    javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:413|Ignore disabled signature scheme: rsa_md5
    javax.net.ssl|INFO|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|AlpnExtension.java:182|No available application protocols
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SessionTicketExtension.java:408|Stateless resumption supported
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: renegotiation_info
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.842 CEST|ClientHello.java:652|Produced ClientHello handshake message (
    "ClientHello": {
    "client version" : "TLSv1.2",
    "random" : "FC 46 09 1C B5 8B C0 33 D1 51 19 E4 CC F5 A0 CC 4B 8A 28 C0 DE 35 E0 59 6B 46 A2 D8 5F E3 7E A0",
    "session id" : "",
    "cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_
    CHACHA20_POLY1305_SHA256(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_
    SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_
    GCM_SHA384(0xC032), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025),
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_
    CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_ECDH_ECDSA_WITH_AES_
    128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_
    SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
    "compression methods" : "00",
    "extensions" : [
    "server_name (0)": {
    type=host_name (0), value=seroius07825.sero.gic.ericsson.se
    },
    "status_request (5)": {
    "certificate status type": ocsp
    "OCSP status request": {
    "responder_id": <empty>
    "request extensions": {
    <empty>
    }
    }
    },
    "supported_groups (10)": {
    "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
    "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
    "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_
    sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
    "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_
    sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "status_request_v2 (17)": {
    "cert status request": {
    "certificate status type": ocsp_multi
    "OCSP status request": {
    "responder_id": <empty>
    "request extensions": {
    <empty>
    }
    }
    }
    },
    "extended_master_secret (23)": {
    <empty>
    },
    "session_ticket (35)": {
    <empty>
    },
    "supported_versions (43)": {
    "versions": [TLSv1.2]
    }
    ]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From mike@21:1/5 to All on Fri Jul 15 01:52:25 2022
    I have now done more investigations and it does not seem related to the openjdk version. Here is my summary.
    Any help/ideas is appreciated.
    I hope it is more clear what the issue is.

    //Mike

    No available cipher suite for TLSv1.3 when runnning Tls13Test with maven but not as a single test in Eclipse.

    Two unit tests each has it's onwn connections setup.


    public void verifyTls13() throws Exception {

    systemProperties.put("jdk.tls.client.protocols", "TLSv1.3");
    System.setProperties(systemProperties);
    System.out.println("Property TLS: " + System.getProperty("jdk.tls.client.protocols"));
    Session session = client.openTlsSession(properties);
    }


    public void verifyTls12() throws Exception {

    systemProperties.put("jdk.tls.client.protocols", "TLSv1.2");
    System.setProperties(systemProperties);
    System.out.println("Property TLS: " + System.getProperty("jdk.tls.client.protocols"));
    Session session = client.openTlsSession(properties);
    }

    The socket for client using TLS is created with:

    private static final String[] VERSIONS = new String[] { "TLSv1.2", "TLSv1.3" };

    socket = getSSLSocketFactory().createSocket();
    socket.connect(new InetSocketAddress(getHost(), getPort()), getConnectTimeoutMillis());
    socket.setSoTimeout(1);
    ((SSLSocket) socket).setEnabledProtocols(VERSIONS);





    Java version Vendor Windows Execution Result Chiper suites Supported versions
    11.0.15 Azul Systems Win10 TestNG in Eclipse ( on single unit test with tls 1.3) ok "cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]" "versions": [TLSv1.3]
    11.0.15 Azul Systems Win10 maven clean test nok javax.net.ssl|DEBUG|48|pool-27-thread-1|2022-07-15 10:07:37.459 CEST|HandshakeContext.java:305|No available cipher suite for TLSv1.3 "versions": [TLSv1.2]



    When running 'maven clean test'

    I can see in log that verifyTls12 has not been executed before so jdk.tls.client.protocols is not set to forcing TLS1.2


    What am I missing here?

    Single TestNG test log
    ======================

    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.510 CEST|SSLExtension.java:824|System property jdk.tls.client.disableExtensions is set to 'null'
    javax.net.ssl|WARNING|53|pool-6-thread-1|2022-07-14 16:06:13.511 CEST|ServerNameExtension.java:266|Unable to indicate server name
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.511 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: server_name
    javax.net.ssl|INFO|53|pool-6-thread-1|2022-07-14 16:06:13.513 CEST|AlpnExtension.java:182|No available application protocols
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.513 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: application_layer_protocol_negotiation
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:417|Ignore inactive signature scheme: dsa_sha256
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:393|Ignore unsupported signature scheme: ecdsa_sha224
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:393|Ignore unsupported signature scheme: rsa_sha224
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:393|Ignore unsupported signature scheme: dsa_sha224
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.517 CEST|SignatureScheme.java:417|Ignore inactive signature scheme: dsa_sha1
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.517 CEST|SignatureScheme.java:417|Ignore inactive signature scheme: rsa_md5
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.518 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: cookie
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.552 CEST|PreSharedKeyExtension.java:661|No session to resume.
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.553 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: pre_shared_key
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.555 CEST|ClientHello.java:641|Produced ClientHello handshake message (
    "ClientHello": {
    "client version" : "TLSv1.2",
    "random" : "C29CB7B08F99A229E9199175DE1B51CAD3A7562C2FC2EDF24FA9C7975442C722",
    "session id" : "A567033F5D72F3DF3E3B6694E1D2C0F945ED426B69E85546F2FD138C5698B9B6",
    "cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
    "compression methods" : "00",
    "extensions" : [
    "status_request (5)": {
    "certificate status type": ocsp
    "OCSP status request": {
    "responder_id": <empty>
    "request extensions": {
    <empty>
    }
    }
    },
    "supported_groups (10)": {
    "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "signature_algorithms (13)": {
    "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_
    sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "supported_versions (43)": {
    "versions": [TLSv1.3]
    },
    "psk_key_exchange_modes (45)": {
    "ke_modes": [psk_dhe_ke]
    },
    "signature_algorithms_cert (50)": {
    "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_
    sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "key_share (51)": {
    "client_shares": [
    {
    "named group": x25519
    "key_exchange": {
    0000: A1 2A 36 81 E0 84 49 13 3E 60 46 51 92 04 E4 C4 .*6...I.>`FQ....
    0010: 80 08 15 E0 4B 9E 7C 39 B7 9B EE 38 E8 0B 71 5D ....K..9...8..q]
    }
    },
    {
    "named group": secp256r1
    "key_exchange": {
    0000: 04 DF 0C 96 B6 99 02 B1 A0 57 86 CA DA 32 8D 93 .........W...2..
    0010: 9D CF 6A 7B 47 28 FD 5F 23 C3 20 EC 8E DA 83 BE ..j.G(._#. .....
    0020: DB E0 F8 9E 20 CB A3 70 CB 35 FF 75 62 3C 58 20 .... ..p.5.ub<X
    0030: 64 B1 CC 50 29 37 00 FA E2 9B 28 C5 8C 5F 24 BA d..P)7....(.._$.
    0040: 6B
    }
    },
    ]
    }
    ]
    }
    )


    'maven clean test' log
    ======================

    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:305|No available cipher suite for TLSv1.3
    javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:394|Ignore unsupported signature scheme: ed25519
    javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:394|Ignore unsupported signature scheme: ed448
    javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:413|Ignore disabled signature scheme: rsa_md5
    javax.net.ssl|INFO|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|AlpnExtension.java:182|No available application protocols
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SessionTicketExtension.java:408|Stateless resumption supported
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: renegotiation_info
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.842 CEST|ClientHello.java:652|Produced ClientHello handshake message (
    "ClientHello": {
    "client version" : "TLSv1.2",
    "random" : "FC 46 09 1C B5 8B C0 33 D1 51 19 E4 CC F5 A0 CC 4B 8A 28 C0 DE 35 E0 59 6B 46 A2 D8 5F E3 7E A0",
    "session id" : "",
    "cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_
    CHACHA20_POLY1305_SHA256(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_
    SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_
    GCM_SHA384(0xC032), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025),
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_
    CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_ECDH_ECDSA_WITH_AES_
    128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_
    SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
    "compression methods" : "00",
    "extensions" : [
    "server_name (0)": {
    type=host_name (0), value=seroius07825.sero.gic.ericsson.se
    },
    "status_request (5)": {
    "certificate status type": ocsp
    "OCSP status request": {
    "responder_id": <empty>
    "request extensions": {
    <empty>
    }
    }
    },
    "supported_groups (10)": {
    "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
    "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
    "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_
    sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
    "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_
    sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "status_request_v2 (17)": {
    "cert status request": {
    "certificate status type": ocsp_multi
    "OCSP status request": {
    "responder_id": <empty>
    "request extensions": {
    <empty>
    }
    }
    }
    },
    "extended_master_secret (23)": {
    <empty>
    },
    "session_ticket (35)": {
    <empty>
    },
    "supported_versions (43)": {
    "versions": [TLSv1.2]
    }
    ]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From mike@21:1/5 to All on Sun Jul 17 23:39:46 2022
    fredag 15 juli 2022 kl. 10:52:33 UTC+2 skrev mike:
    I have now done more investigations and it does not seem related to the openjdk version. Here is my summary.
    Any help/ideas is appreciated.
    I hope it is more clear what the issue is.

    //Mike

    No available cipher suite for TLSv1.3 when runnning Tls13Test with maven but not as a single test in Eclipse.

    Two unit tests each has it's onwn connections setup.


    public void verifyTls13() throws Exception { systemProperties.put("jdk.tls.client.protocols", "TLSv1.3"); System.setProperties(systemProperties);
    System.out.println("Property TLS: " + System.getProperty("jdk.tls.client.protocols"));
    Session session = client.openTlsSession(properties);
    }


    public void verifyTls12() throws Exception {

    systemProperties.put("jdk.tls.client.protocols", "TLSv1.2"); System.setProperties(systemProperties);
    System.out.println("Property TLS: " + System.getProperty("jdk.tls.client.protocols"));
    Session session = client.openTlsSession(properties);
    }

    The socket for client using TLS is created with:

    private static final String[] VERSIONS = new String[] { "TLSv1.2", "TLSv1.3" };

    socket = getSSLSocketFactory().createSocket();
    socket.connect(new InetSocketAddress(getHost(), getPort()), getConnectTimeoutMillis());
    socket.setSoTimeout(1);
    ((SSLSocket) socket).setEnabledProtocols(VERSIONS);





    Java version Vendor Windows Execution Result Chiper suites Supported versions
    11.0.15 Azul Systems Win10 TestNG in Eclipse ( on single unit test with tls 1.3) ok "cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]" "versions": [TLSv1.3]
    11.0.15 Azul Systems Win10 maven clean test nok javax.net.ssl|DEBUG|48|pool-27-thread-1|2022-07-15 10:07:37.459 CEST|HandshakeContext.java:305|No available cipher suite for TLSv1.3 "versions": [TLSv1.2]



    When running 'maven clean test'

    I can see in log that verifyTls12 has not been executed before so jdk.tls.client.protocols is not set to forcing TLS1.2


    What am I missing here?

    Single TestNG test log
    ======================

    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.510 CEST|SSLExtension.java:824|System property jdk.tls.client.disableExtensions is set to 'null'
    javax.net.ssl|WARNING|53|pool-6-thread-1|2022-07-14 16:06:13.511 CEST|ServerNameExtension.java:266|Unable to indicate server name
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.511 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: server_name
    javax.net.ssl|INFO|53|pool-6-thread-1|2022-07-14 16:06:13.513 CEST|AlpnExtension.java:182|No available application protocols
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.513 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: application_layer_protocol_negotiation
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:417|Ignore inactive signature scheme: dsa_sha256
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:393|Ignore unsupported signature scheme: ecdsa_sha224
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:393|Ignore unsupported signature scheme: rsa_sha224
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:393|Ignore unsupported signature scheme: dsa_sha224
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.517 CEST|SignatureScheme.java:417|Ignore inactive signature scheme: dsa_sha1
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.517 CEST|SignatureScheme.java:417|Ignore inactive signature scheme: rsa_md5
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.518 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: cookie
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.552 CEST|PreSharedKeyExtension.java:661|No session to resume.
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.553 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: pre_shared_key
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.555 CEST|ClientHello.java:641|Produced ClientHello handshake message (
    "ClientHello": {
    "client version" : "TLSv1.2",
    "random" : "C29CB7B08F99A229E9199175DE1B51CAD3A7562C2FC2EDF24FA9C7975442C722",
    "session id" : "A567033F5D72F3DF3E3B6694E1D2C0F945ED426B69E85546F2FD138C5698B9B6",
    "cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
    "compression methods" : "00",
    "extensions" : [
    "status_request (5)": {
    "certificate status type": ocsp
    "OCSP status request": {
    "responder_id": <empty>
    "request extensions": {
    <empty>
    }
    }
    },
    "supported_groups (10)": {
    "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "signature_algorithms (13)": {
    "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256,
    rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "supported_versions (43)": {
    "versions": [TLSv1.3]
    },
    "psk_key_exchange_modes (45)": {
    "ke_modes": [psk_dhe_ke]
    },
    "signature_algorithms_cert (50)": {
    "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256,
    rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "key_share (51)": {
    "client_shares": [
    {
    "named group": x25519
    "key_exchange": {
    0000: A1 2A 36 81 E0 84 49 13 3E 60 46 51 92 04 E4 C4 .*6...I.>`FQ....
    0010: 80 08 15 E0 4B 9E 7C 39 B7 9B EE 38 E8 0B 71 5D ....K..9...8..q]
    }
    },
    {
    "named group": secp256r1
    "key_exchange": {
    0000: 04 DF 0C 96 B6 99 02 B1 A0 57 86 CA DA 32 8D 93 .........W...2..
    0010: 9D CF 6A 7B 47 28 FD 5F 23 C3 20 EC 8E DA 83 BE ..j.G(._#. .....
    0020: DB E0 F8 9E 20 CB A3 70 CB 35 FF 75 62 3C 58 20 .... ..p.5.ub<X
    0030: 64 B1 CC 50 29 37 00 FA E2 9B 28 C5 8C 5F 24 BA d..P)7....(.._$.
    0040: 6B
    }
    },
    ]
    }
    ]
    }
    )


    'maven clean test' log
    ======================
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:305|No available cipher suite for TLSv1.3
    javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:394|Ignore unsupported signature scheme: ed25519
    javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:394|Ignore unsupported signature scheme: ed448
    javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:413|Ignore disabled signature scheme: rsa_md5
    javax.net.ssl|INFO|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|AlpnExtension.java:182|No available application protocols
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SessionTicketExtension.java:408|Stateless resumption supported
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: renegotiation_info
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.842 CEST|ClientHello.java:652|Produced ClientHello handshake message (
    "ClientHello": {
    "client version" : "TLSv1.2",
    "random" : "FC 46 09 1C B5 8B C0 33 D1 51 19 E4 CC F5 A0 CC 4B 8A 28 C0 DE 35 E0 59 6B 46 A2 D8 5F E3 7E A0",
    "session id" : "",
    "cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_CHACHA20_
    POLY1305_SHA256(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
    0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_
    RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_
    SHA384(0xC032), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025),
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_CBC_
    SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_ECDH_ECDSA_WITH_AES_128_
    CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(
    0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
    "compression methods" : "00",
    "extensions" : [
    "server_name (0)": {
    type=host_name (0), value=seroius07825.sero.gic.ericsson.se
    },
    "status_request (5)": {
    "certificate status type": ocsp
    "OCSP status request": {
    "responder_id": <empty>
    "request extensions": {
    <empty>
    }
    }
    },
    "supported_groups (10)": {
    "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
    "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
    "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384,
    rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
    "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384,
    rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "status_request_v2 (17)": {
    "cert status request": {
    "certificate status type": ocsp_multi
    "OCSP status request": {
    "responder_id": <empty>
    "request extensions": {
    <empty>
    }
    }
    }
    },
    "extended_master_secret (23)": {
    <empty>
    },
    "session_ticket (35)": {
    <empty>
    },
    "supported_versions (43)": {
    "versions": [TLSv1.2]
    }
    ]

    I wonder if it is due to I run the unit tests in the same jvm and use:

    systemProperties.put("jdk.tls.client.protocols", "TLSv1.3");

    So if the the system property is set to TLSv1.2 in a previous test it is not possible to change when the same JVM is used.

    Could this be the reason?

    //mike

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From mike@21:1/5 to All on Mon Jul 18 01:28:17 2022
    måndag 18 juli 2022 kl. 08:39:53 UTC+2 skrev mike:
    fredag 15 juli 2022 kl. 10:52:33 UTC+2 skrev mike:
    I have now done more investigations and it does not seem related to the openjdk version. Here is my summary.
    Any help/ideas is appreciated.
    I hope it is more clear what the issue is.

    //Mike

    No available cipher suite for TLSv1.3 when runnning Tls13Test with maven but not as a single test in Eclipse.

    Two unit tests each has it's onwn connections setup.


    public void verifyTls13() throws Exception { systemProperties.put("jdk.tls.client.protocols", "TLSv1.3"); System.setProperties(systemProperties);
    System.out.println("Property TLS: " + System.getProperty("jdk.tls.client.protocols"));
    Session session = client.openTlsSession(properties);
    }


    public void verifyTls12() throws Exception {

    systemProperties.put("jdk.tls.client.protocols", "TLSv1.2"); System.setProperties(systemProperties);
    System.out.println("Property TLS: " + System.getProperty("jdk.tls.client.protocols"));
    Session session = client.openTlsSession(properties);
    }

    The socket for client using TLS is created with:

    private static final String[] VERSIONS = new String[] { "TLSv1.2", "TLSv1.3" };

    socket = getSSLSocketFactory().createSocket();
    socket.connect(new InetSocketAddress(getHost(), getPort()), getConnectTimeoutMillis());
    socket.setSoTimeout(1);
    ((SSLSocket) socket).setEnabledProtocols(VERSIONS);





    Java version Vendor Windows Execution Result Chiper suites Supported versions
    11.0.15 Azul Systems Win10 TestNG in Eclipse ( on single unit test with tls 1.3) ok "cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]" "versions": [TLSv1.3]
    11.0.15 Azul Systems Win10 maven clean test nok javax.net.ssl|DEBUG|48|pool-27-thread-1|2022-07-15 10:07:37.459 CEST|HandshakeContext.java:305|No available cipher suite for TLSv1.3 "versions": [TLSv1.2]



    When running 'maven clean test'

    I can see in log that verifyTls12 has not been executed before so jdk.tls.client.protocols is not set to forcing TLS1.2


    What am I missing here?

    Single TestNG test log
    ======================

    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.510 CEST|SSLExtension.java:824|System property jdk.tls.client.disableExtensions is set to 'null'
    javax.net.ssl|WARNING|53|pool-6-thread-1|2022-07-14 16:06:13.511 CEST|ServerNameExtension.java:266|Unable to indicate server name
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.511 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: server_name
    javax.net.ssl|INFO|53|pool-6-thread-1|2022-07-14 16:06:13.513 CEST|AlpnExtension.java:182|No available application protocols
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.513 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: application_layer_protocol_negotiation
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:417|Ignore inactive signature scheme: dsa_sha256
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:393|Ignore unsupported signature scheme: ecdsa_sha224
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:393|Ignore unsupported signature scheme: rsa_sha224
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.516 CEST|SignatureScheme.java:393|Ignore unsupported signature scheme: dsa_sha224
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.517 CEST|SignatureScheme.java:417|Ignore inactive signature scheme: dsa_sha1
    javax.net.ssl|ALL|53|pool-6-thread-1|2022-07-14 16:06:13.517 CEST|SignatureScheme.java:417|Ignore inactive signature scheme: rsa_md5
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.518 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: cookie
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.552 CEST|PreSharedKeyExtension.java:661|No session to resume.
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.553 CEST|SSLExtensions.java:272|Ignore, context unavailable extension: pre_shared_key
    javax.net.ssl|DEBUG|53|pool-6-thread-1|2022-07-14 16:06:13.555 CEST|ClientHello.java:641|Produced ClientHello handshake message (
    "ClientHello": {
    "client version" : "TLSv1.2",
    "random" : "C29CB7B08F99A229E9199175DE1B51CAD3A7562C2FC2EDF24FA9C7975442C722",
    "session id" : "A567033F5D72F3DF3E3B6694E1D2C0F945ED426B69E85546F2FD138C5698B9B6",
    "cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
    "compression methods" : "00",
    "extensions" : [
    "status_request (5)": {
    "certificate status type": ocsp
    "OCSP status request": {
    "responder_id": <empty>
    "request extensions": {
    <empty>
    }
    }
    },
    "supported_groups (10)": {
    "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "signature_algorithms (13)": {
    "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256,
    rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "supported_versions (43)": {
    "versions": [TLSv1.3]
    },
    "psk_key_exchange_modes (45)": {
    "ke_modes": [psk_dhe_ke]
    },
    "signature_algorithms_cert (50)": {
    "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256,
    rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "key_share (51)": {
    "client_shares": [
    {
    "named group": x25519
    "key_exchange": {
    0000: A1 2A 36 81 E0 84 49 13 3E 60 46 51 92 04 E4 C4 .*6...I.>`FQ.... 0010: 80 08 15 E0 4B 9E 7C 39 B7 9B EE 38 E8 0B 71 5D ....K..9...8..q]
    }
    },
    {
    "named group": secp256r1
    "key_exchange": {
    0000: 04 DF 0C 96 B6 99 02 B1 A0 57 86 CA DA 32 8D 93 .........W...2.. 0010: 9D CF 6A 7B 47 28 FD 5F 23 C3 20 EC 8E DA 83 BE ..j.G(._#. ..... 0020: DB E0 F8 9E 20 CB A3 70 CB 35 FF 75 62 3C 58 20 .... ..p.5.ub<X 0030: 64 B1 CC 50 29 37 00 FA E2 9B 28 C5 8C 5F 24 BA d..P)7....(.._$. 0040: 6B
    }
    },
    ]
    }
    ]
    }
    )


    'maven clean test' log
    ======================
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.839 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:298|Ignore unsupported cipher suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV for TLSv1.3
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.840 CEST|HandshakeContext.java:305|No available cipher suite for TLSv1.3
    javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:394|Ignore unsupported signature scheme: ed25519
    javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:394|Ignore unsupported signature scheme: ed448
    javax.net.ssl|ALL|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SignatureScheme.java:413|Ignore disabled signature scheme: rsa_md5
    javax.net.ssl|INFO|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|AlpnExtension.java:182|No available application protocols
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SessionTicketExtension.java:408|Stateless resumption supported
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.841 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: renegotiation_info
    javax.net.ssl|DEBUG|AE|pool-39-thread-1|2022-07-14 15:05:07.842 CEST|ClientHello.java:652|Produced ClientHello handshake message (
    "ClientHello": {
    "client version" : "TLSv1.2",
    "random" : "FC 46 09 1C B5 8B C0 33 D1 51 19 E4 CC F5 A0 CC 4B 8A 28 C0 DE 35 E0 59 6B 46 A2 D8 5F E3 7E A0",
    "session id" : "",
    "cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_CHACHA20_
    POLY1305_SHA256(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
    0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_
    RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_
    SHA384(0xC032), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025),
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_CBC_
    SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_ECDH_ECDSA_WITH_AES_128_
    CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(
    0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
    "compression methods" : "00",
    "extensions" : [
    "server_name (0)": {
    type=host_name (0), value=seroius07825.sero.gic.ericsson.se
    },
    "status_request (5)": {
    "certificate status type": ocsp
    "OCSP status request": {
    "responder_id": <empty>
    "request extensions": {
    <empty>
    }
    }
    },
    "supported_groups (10)": {
    "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
    "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
    "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_
    sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
    "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_
    sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "status_request_v2 (17)": {
    "cert status request": {
    "certificate status type": ocsp_multi
    "OCSP status request": {
    "responder_id": <empty>
    "request extensions": {
    <empty>
    }
    }
    }
    },
    "extended_master_secret (23)": {
    <empty>
    },
    "session_ticket (35)": {
    <empty>
    },
    "supported_versions (43)": {
    "versions": [TLSv1.2]
    }
    ]
    I wonder if it is due to I run the unit tests in the same jvm and use: systemProperties.put("jdk.tls.client.protocols", "TLSv1.3");
    So if the the system property is set to TLSv1.2 in a previous test it is not possible to change when the same JVM is used.

    Could this be the reason?

    //mike
    So is it possible to run one unit test in a separate jvm?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?Q?Arne_Vajh=c3=b8j?=@21:1/5 to mike on Mon Jul 18 19:50:13 2022
    On 7/18/2022 4:28 AM, mike wrote:
    måndag 18 juli 2022 kl. 08:39:53 UTC+2 skrev mike:
    I wonder if it is due to I run the unit tests in the same jvm and use:
    systemProperties.put("jdk.tls.client.protocols", "TLSv1.3");
    So if the the system property is set to TLSv1.2 in a previous test it is not possible to change when the same JVM is used.

    Could this be the reason?

    Possible. If it just read the property once and stores it internally.

    Should be easy to test.

    So is it possible to run one unit test in a separate jvm?

    Obviously.

    One solution: two test suites that are run independently.

    Another solution: ant junit task with fork="on" and forknode="perTest".

    Arne

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)