diff -r a06a7dece503 -r 45e123c0de3b src/java.base/share/classes/sun/security/ssl/AlpnExtension.java
--- a/src/java.base/share/classes/sun/security/ssl/AlpnExtension.java	Wed May 16 21:18:06 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/AlpnExtension.java	Wed May 16 22:13:16 2018 -0700
@@ -445,7 +445,9 @@
             // In response to ALPN request only
             AlpnSpec requestedAlps =
                     (AlpnSpec)chc.handshakeExtensions.get(SSLExtension.CH_ALPN);
-            if (requestedAlps == null) {
+            if (requestedAlps == null ||
+                    requestedAlps.applicationProtocols == null ||
+                    requestedAlps.applicationProtocols.isEmpty()) {
                 chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                     "Unexpected " + SSLExtension.CH_ALPN.name + " extension");
             }
@@ -468,7 +470,7 @@
             }
             
             // The respond application protocol must be one of the requested.
-            if (requestedAlps.applicationProtocols.contains(
+            if (!requestedAlps.applicationProtocols.containsAll(
                     spec.applicationProtocols)) {
                 chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                     "Invalid " + SSLExtension.CH_ALPN.name + " extension: " +