BC FIPS provider got handshake errors for some FIPS mode cipher suites


Jeff Huang
Hello,

The following cipher suites are FIPS mode based on "Appendix B – Supported
Cipher Suites" in BC-FJA-(D)TLSUserGuide-1.0.9.pdf.

I got handshake errors for all cipher suites with DHE key exchange algorithm
and all cipher suites with ECDHE key exchange algorithm and ECDSA
authentication algorithm.

*The following cipher suites are not working*
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,

TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,

*The following cipher suites are working.*
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CCM,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CCM

Is that the right behavior, or did I miss something? I set both the key manager
algorithm and the trust manager algorithm to PKIS; the key store type is pkcs12.

Thanks!

Jeff.





RE: BC FIPS provider got handshake errors for some FIPS mode cipher suites

Eckenfels. Bernd
DSS ciphers require an (uncommon and insecure) DH certificate, and for ECDSA ciphers you need an EC cert. If you have an RSA certificate only, what you have described is normal. RSA DHE ciphers should also exist, but I don't see any in your list. If you care about security (within the ancient FIPS parameters), ECDHE with ECDSA or RSA are the only ones to consider (imho).
--
http://www.seeburger.com
________________________________________
From: Jeff Huang [[hidden email]]
Sent: Tuesday, October 29, 2019 23:45
To: [hidden email]
Subject: [dev-crypto] BC FIPS provider got handshake errors for some FIPS mode cipher suites




Re: BC FIPS provider got handshake errors for some FIPS mode cipher suites

Peter Dettman-3
In reply to this post by Jeff Huang
Hi Jeff,
Perhaps you are running a server and only have RSA certificates
available in your key store, but since you've given next to no details
of what you're testing, it's just a guess.

- Which BC jars (and which versions) are being used?
- What does your provider configuration look like?
- Are you testing a client? a server? both?
- If you're only running one end, what software is at the other end? How
are you confining the test to a specific cipher suite?
- Standalone test or is there a webserver or http client involved?
- What does "not working" mean? What test were you running and what was
the expected result? Did any errors appear in the logs?
- etc.

Regards,
Pete Dettman

On 30/10/19 5:45 am, Jeff Huang wrote:

> Hello,
>
> The following cipher suites are FIPS mode based on "Appendix B – Supported
> Cipher Suites" in BC-FJA-(D)TLSUserGuide-1.0.9.pdf.
>
> I got handshake errors for all cipher suites with DHE key exchange algorithm
> and all cipher suites with ECDHE key exchange algorithm and ECDSA
> authentication algorithm.
>
> *The following cipher suite are not working*
>  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,        
>  TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
>  TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
>  TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
>  TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
>
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,      
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>
> *The following cipher suites are working. *
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_RSA_WITH_3DES_EDE_CBC_SHA,              
> TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA256,
> TLS_RSA_WITH_AES_128_CCM,                  
> TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_RSA_WITH_AES_256_CBC_SHA256,
> TLS_RSA_WITH_AES_256_CCM    
>
> Is that right behavior? Or I missed something. I did both key manager
> algorithm and trust manager algorithm to PKIS, key store type is pkcs12.
>
> Thanks!
>
> Jeff.
>
>
>
> --
> Sent from: http://bouncy-castle.1462172.n4.nabble.com/Bouncy-Castle-Dev-f1462173.html
>
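Both replies point at the same cause: the authentication part of a suite name has to match the key type of a certificate in the key store. The check below is an added example, not code from the thread or from Bouncy Castle; it uses only JDK classes, and the class name, the `KS_PASS` environment variable and the RSA-only default are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Set;
import java.util.TreeSet;

public class SuiteKeyTypeCheck {
    // Key type the server certificate needs for a TLS 1.2 suite name (JDK algorithm names assumed).
    static String requiredKeyType(String suite) {
        String kx = suite.substring("TLS_".length(), suite.indexOf("_WITH_"));
        if (kx.endsWith("ECDSA")) return "EC";
        if (kx.endsWith("DSS")) return "DSA";
        if (kx.endsWith("RSA")) return "RSA"; // TLS_RSA_, TLS_DHE_RSA_, TLS_ECDHE_RSA_
        return "unknown";
    }

    // Public-key algorithms of every private-key entry in the key store.
    static Set<String> keyTypes(KeyStore ks) throws Exception {
        Set<String> types = new TreeSet<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (ks.isKeyEntry(alias) && cert != null) {
                types.add(cert.getPublicKey().getAlgorithm());
            }
        }
        return types;
    }

    public static void main(String[] args) throws Exception {
        Set<String> available = Set.of("RSA"); // constructed sample: RSA-only key store
        if (args.length == 1) {                // optional: path to a real PKCS12 file
            String pw = System.getenv("KS_PASS"); // hypothetical variable holding the password
            KeyStore ks = KeyStore.getInstance("PKCS12");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, pw == null ? null : pw.toCharArray());
            }
            available = keyTypes(ks);
        }
        String[] suites = { // one suite from each group in the original post
            "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CCM" };
        for (String s : suites) {
            String need = requiredKeyType(s);
            System.out.printf("%-40s needs %-3s -> %s%n", s, need,
                available.contains(need) ? "usable" : "no matching certificate");
        }
    }
}
```

Run without arguments, it reports the DSS and ECDSA suites as lacking a matching certificate and the RSA suites as usable, which is the split described in the original post.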