diff --git a/java-1_8_0-openjdk.changes b/java-1_8_0-openjdk.changes
index c9346e6..c83c42f 100644
--- a/java-1_8_0-openjdk.changes
+++ b/java-1_8_0-openjdk.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri May 28 04:50:33 UTC 2021 - Fridrich Strba <fstrba@suse.com>
+
+- Added patch:
+  * tls13extensions.patch
+    + make tlsv1.2 client hello not emit the optional tlsv1.3
+      extensions (fixes bsc#1184639)
+
 -------------------------------------------------------------------
 Fri May 14 08:07:18 UTC 2021 - Fridrich Strba <fstrba@suse.com>
 
diff --git a/java-1_8_0-openjdk.spec b/java-1_8_0-openjdk.spec
index a48885d..c5a6ebf 100644
--- a/java-1_8_0-openjdk.spec
+++ b/java-1_8_0-openjdk.spec
@@ -202,6 +202,8 @@ Patch1002:      icedtea-3.8.0-s390.patch
 Patch2001:      disable-doclint-by-default.patch
 Patch2002:      JDK_1_8_0-8208602.patch
 
+Patch3000:      tls13extensions.patch
+
 BuildRequires:  alsa-lib-devel
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -540,6 +542,8 @@ patch -p0 -i %{PATCH103}
 patch -p0 -i %{PATCH2001}
 patch -p0 -i %{PATCH2002}
 
+patch -p0 -i %{PATCH3000}
+
 (cd openjdk/common/autoconf
  bash ./autogen.sh
 )
diff --git a/tls13extensions.patch b/tls13extensions.patch
new file mode 100644
index 0000000..4dc5110
--- /dev/null
+++ b/tls13extensions.patch
@@ -0,0 +1,20 @@
+--- openjdk/jdk/src/share/classes/sun/security/ssl/SSLExtension.java	2021-05-21 08:10:00.830159018 +0200
++++ openjdk/jdk/src/share/classes/sun/security/ssl/SSLExtension.java	2021-05-21 08:11:40.258772361 +0200
+@@ -198,7 +198,7 @@
+ 
+     CH_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert",
+                                 SSLHandshake.CLIENT_HELLO,
+-                                ProtocolVersion.PROTOCOLS_12_13,
++                                ProtocolVersion.PROTOCOLS_OF_13,
+                                 CertSignAlgsExtension.chNetworkProducer,
+                                 CertSignAlgsExtension.chOnLoadConsumer,
+                                 null,
+@@ -319,7 +319,7 @@
+ 
+     CH_SUPPORTED_VERSIONS   (0x002B, "supported_versions",
+                                 SSLHandshake.CLIENT_HELLO,
+-                                ProtocolVersion.PROTOCOLS_TO_13,
++                                ProtocolVersion.PROTOCOLS_OF_13,
+                                 SupportedVersionsExtension.chNetworkProducer,
+                                 SupportedVersionsExtension.chOnLoadConsumer,
+                                 null,