Issue2542

classification
Title: TLS1.2 protocol support
Type: security Severity: critical
Components: Library Versions: Jython 2.7
Milestone:
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: aditya24, stefan.richthofer
Priority: Keywords:

Created on 2017-01-23.13:18:34 by aditya24, last changed 2017-01-26.15:16:51 by stefan.richthofer.

Files
File name Uploaded Description Edit Remove
unnamed aditya24, 2017-01-24.04:35:32
Messages
msg11032 (view) Author: aditya (aditya24) Date: 2017-01-23.13:18:34
There is no support for TLS1.2 protocol.Please do the needful asap.
msg11033 (view) Author: Stefan Richthofer (stefan.richthofer) Date: 2017-01-23.14:35:18
aditya,
could you please specify Jython-version and Java-version you tested with?
Especially, did you use Jython 2.7.0 or current trunk version?
I am asking, because AFAIK TLS protocols are not implemented in Jython, but imported from either netty or JVM. In september or so we upgraded Jython's netty support to Netty 4 which might have improved this support. This upgrade has not yet been released, not even in Jython 2.7.1b3. So it would be crucial that you check this issue in current Jython trunk version (e.g. by cloning from https://github.com/jythontools/jython).

Then. It might be relevant that Java 7 disables TLS 1.2 by default for client side. E.g. see
http://superuser.com/questions/747377/enable-tls-1-1-and-1-2-for-clients-on-java-7

I am not sure in what way this applies (if at all), given that netty is involved. Anyway, please check it first, before we investigate further.
msg11035 (view) Author: aditya (aditya24) Date: 2017-01-24.04:35:34
hello Stefan,

I am currently using jython version 2.7.0 and java version 1.8.0_91.
Could you please provide me with the sample code for the same.
It would be very helpfull,

Thanks
Aditya

On Mon, Jan 23, 2017 at 8:05 PM, Stefan Richthofer <report@bugs.jython.org>
wrote:

>
> Stefan Richthofer added the comment:
>
> aditya,
> could you please specify Jython-version and Java-version you tested with?
> Especially, did you use Jython 2.7.0 or current trunk version?
> I am asking, because AFAIK TLS protocols are not implemented in Jython,
> but imported from either netty or JVM. In september or so we upgraded
> Jython's netty support to Netty 4 which might have improved this support.
> This upgrade has not yet been released, not even in Jython 2.7.1b3. So it
> would be crucial that you check this issue in current Jython trunk version
> (e.g. by cloning from https://github.com/jythontools/jython).
>
> Then. It might be relevant that Java 7 disables TLS 1.2 by default for
> client side. E.g. see
> http://superuser.com/questions/747377/enable-tls-1-
> 1-and-1-2-for-clients-on-java-7
>
> I am not sure in what way this applies (if at all), given that netty is
> involved. Anyway, please check it first, before we investigate further.
>
> ----------
> nosy: +stefan.richthofer
>
> _______________________________________
> Jython tracker <report@bugs.jython.org>
> <http://bugs.jython.org/issue2542>
> _______________________________________
>
msg11038 (view) Author: Stefan Richthofer (stefan.richthofer) Date: 2017-01-26.15:16:50
> Could you please provide me with the sample code for the same.

Could you specify what sample code you mean?
It would be actually helpful if you could provide sample code that reproduces this issue. What code let you learn that TLS1.2 is missing? Did you run that code on current Jython 2.7.1 trunk version?

I just quick-checked the basics:

Jython 2.7.1b3 (, Jan 20 2017, 07:41:44) 
[OpenJDK 64-Bit Server VM (Oracle Corporation)] on java1.8.0_121
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> ssl.PROTOCOL_TLSv1_2
5
>>> test_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
>>> 

(That this passes without error so far does of course not yet mean that TLSv1_2 actually works.)
Unfortunately test_ssl.py does not apply protocol tests, because they depend on thread-stuf that currently does not work, see in Lib/test/test_ssl.py:

_have_threads = False
if _have_threads:  # Jython skip threading tests for now, really don't work :(
    _have_threads = True

So some code to actually test TLS 1.2 support would be helpful.
History
Date User Action Args
2017-01-26 15:16:51stefan.richthofersetmessages: + msg11038
2017-01-24 04:35:34aditya24setfiles: + unnamed
messages: + msg11035
2017-01-23 14:35:18stefan.richthofersetnosy: + stefan.richthofer
messages: + msg11033
2017-01-23 13:18:34aditya24create