An example of TLS 1.3 client and server on Java

Java 11 supports TLS 1.3 protocol which was published in August 2018. During implementing the new TLS protocol, Java security-libs team significantly re-worked Java Secure Sockets Extension (JSSE). I used to work on security-libs in Java for 6 years, so I can tell that was not an easy task for sure. But nevertheless, Java security-libs team delivered TLS 1.3 implementation in Java 11. Great job!

But TLS 1.3 implementation in Java 11 doesn’t not support all the features of the new TLS protocol. Here is what JSSE supports (see more details in JEP 332):

  • Protocol version negotiation
  • Full handshake for both client and server sides
  • Session resumption
  • Key and IV update
  • Updated OCSP stapling
  • Backward compatibility mode
  • Required extensions and algorithms
  • Two new cipher suites: TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384
  • RSASSA-PSS signature algorithms
  • Both SSLSocket and SSLEngine

And here is what are not supported:

Java 11 doesn’t introduce new public classes and methods for TLS 1.3. It just adds a couple of new constants for the new protocol name, cipher suites, ets. And this is actually great because it makes it very easy to switch to the new TLS version. You just need to configure JSSE to use new protocol and ciphers, and the rest of the code should not change. Depending on an application, migration to the new version may not even require any modification of the application code. For example, if an application is configured by JSSE system properties such as https.protocols and jdk.tls.client.protocols. (well, if third-parties you’l like to talk to with TLS 1.3 don’t support it, then the migration may not be that easy).

Here is an example of TLS 1.3 client and server in Java. As you may notice, it’s just a regular example of SSLSocket-based client and server except it uses new constants “TLSv1.3” and “TLS_AES_128_GCM_SHA256”.

If you have found a spelling error, please, notify us by selecting that text and pressing Ctrl+Enter.

Share
avatar
2 Comment threads
2 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
3 Comment authors
ArtemRafaAshu Phaugat Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
Ashu Phaugat
Guest
Ashu Phaugat

I ran this program but got error:

server started on port 50308
accepted
Exception in thread “main” exception: No available authentication scheme
server stopped
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:716)
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:970)
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)
at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)
at TLSv13Test.main(TLSv13Test.java:25)

Process finished with exit code 1

Vote Up1Vote Down  Reply
29/06/2019 04:26
Artem
Author
Artem

Hi Ashu,

I forgot to mention that the program needs a keystore and a truststore. Otherwise, the server can’t find a certificate to authenticate itself, and as a result a SSLHandshakeException is thrown.

To fix the problem, you need to set javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system properties. More details can be found in JSSE docs.

For example:

java -cp classes \
-Djavax.net.ssl.keyStore=keystore \
-Djavax.net.ssl.keyStorePassword=passphrase \
-Djavax.net.ssl.trustStore=keystore \
-Djavax.net.ssl.trustStorePassword=passphrase \
com.gypsyengineer.tlsbunny.jsse.TLSv13Test

For testing purposes, you can download the keystore file from https://github.com/openjdk/jdk/tree/master/test/jdk/javax/net/ssl/etc

Thanks for letting me know about the problem, I’ll update the post.

Vote Up0Vote Down  Reply
29/06/2019 10:21
Rafa
Guest
Rafa

Hello, Artem,

first of all, this is a very good example for JSSE.
Would it be possible for you to create a step by step explanation for keystore and trustore creation for cipher suite TLS_AES_256_GCM_SHA384

greeting Rafa

Vote Up0Vote Down  Reply
18/08/2019 21:41
Artem
Author
Artem

Thanks for the feedback Rafa!

Server certificate and key don’t depend on a cipher suite in TLS 1.3, so you can use any certificate and key supported by your JDK. For example, RSA or EC certificates. Make sure that the keys meet JSSE security requirements such as key length, etc. I’ll try to write a post about creating such a key pair and keystores.

Vote Up1Vote Down  Reply
23/08/2019 09:41