How to enable certificate_authorities extension in Jetty with TLS 1.3

Time:11-10

I recently updated my Jetty server (11.0.1) to TLS 1.3 (JRE 11.0.9.1). The server does not send the trusted certificate authorities anymore in the CertificateRequest phase (client certificate authentication is required).

Consequently, in the prompt window, the browsers do not filter the client certificates delivered by the CA trusted by the server.

How can I enable the certificate_authorities extension on my Jetty server in order to send this information to the client during the TLS handshake?

CodePudding user response:

In short, upgrade your JVM.

Java 11.0.9 expired on January 19, 2021 (per the release notes for 11.0.9).

When using SSL/TLS from Java it is very important to keep your JVM up to date and to pay attention to JVM expiration dates.

Example: Support for the certificate_authorities extension was a filed issue and was fixed in Java 11.0.10 (the release notes for 11.0.10 even say so).

The Issue: https://bugs.openjdk.java.net/browse/JDK-8206925

And don't limp into Java 11.0.10 only, as that version is expired in April 2021 as well; use the latest in the Java 11.x series.
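
What the extension carries, and why its absence leaves the browser prompt unfiltered, shown as an added example that is not part of the original question or answer: a parser for the body of a decrypted TLS 1.3 CertificateRequest (RFC 8446) plus a simplified client-side filter. The message bytes, CA names and certificate labels are constructed for illustration, and the byte-for-byte DN comparison is a simplifying assumption.

```python
EXT_CERTIFICATE_AUTHORITIES = 47  # extension type, RFC 8446 section 4.2.4

def _take(buf, off, width):
    """Read a vector with a `width`-byte length prefix; return (payload, next offset)."""
    prefix = buf[off:off + width]
    end = off + width + int.from_bytes(prefix, "big")
    if len(prefix) != width or end > len(buf):
        raise ValueError("truncated vector")
    return buf[off + width:end], end

def ca_names(body):
    """DER DistinguishedNames from a decrypted TLS 1.3 CertificateRequest body,
    or None when the certificate_authorities extension is absent."""
    _context, off = _take(body, 0, 1)       # certificate_request_context<0..2^8-1>
    exts, off = _take(body, off, 2)         # extensions<2..2^16-1>
    pos = 0
    while pos < len(exts):
        ext_type = int.from_bytes(exts[pos:pos + 2], "big")
        data, pos = _take(exts, pos + 2, 2)  # extension_data
        if ext_type == EXT_CERTIFICATE_AUTHORITIES:
            names, _ = _take(data, 0, 2)     # authorities<3..2^16-1>
            out, p = [], 0
            while p < len(names):
                dn, p = _take(names, p, 2)   # one DistinguishedName<1..2^16-1>
                out.append(dn)
            return out
    return None

def offered(candidates, authorities):
    """candidates maps a label to that certificate's issuer DN (DER bytes)."""
    if authorities is None:                  # no hint from the server: nothing to filter on
        return sorted(candidates)
    return sorted(k for k, issuer in candidates.items() if issuer in authorities)

# --- constructed sample data (hypothetical CA names, not captured traffic) ---
def _vec(payload, width):
    return len(payload).to_bytes(width, "big") + payload

def _dn(cn):                                 # minimal DER Name holding a single CN
    der = b"\x06\x03\x55\x04\x03\x0c" + bytes([len(cn)]) + cn.encode()
    for tag in (0x30, 0x31, 0x30):           # AttributeTypeAndValue, RDN SET, Name
        der = bytes([tag, len(der)]) + der
    return der

SIG_ALGS = b"\x00\x0d" + _vec(_vec(b"\x08\x04", 2), 2)       # signature_algorithms
CORP_CA = _dn("Corp Client CA")
CA_EXT = b"\x00\x2f" + _vec(_vec(_vec(CORP_CA, 2), 2), 2)    # certificate_authorities
WITHOUT_CA = _vec(b"", 1) + _vec(SIG_ALGS, 2)                # extension not sent
WITH_CA = _vec(b"", 1) + _vec(SIG_ALGS + CA_EXT, 2)          # extension sent
CERTS = {"corp-badge": CORP_CA, "personal": _dn("Other CA")}
```

In TLS 1.3 the CertificateRequest is encrypted, so these bytes are only available from a decrypted capture or from the TLS stack itself.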
