ECDSA cert and TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8


Jiho Park(박지호)
Hello, everyone.
first of all, thank you for .

I'm trying to test HTTPS communication with ECDSA certificate and TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8.
But it fails to handshake.


Server-side)
- Java 8, Spring Boot(embedded tomcat)
- bcprov-jdk15on-159, bctls-jdk15on-159
- add BC Provider, BCJSSE Provider at the first of provider list
- Enabled Ciphers : TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, TLS_RSA_WITH_AES_256_CBC_SHA256
- set TLS related properties in application.properties


Client-side)
- Java 8, Spring Framework RestTemplate with HttpClient
- bcprov-jdk15on-159, bctls-jdk15on-159
- add BC Provider, BCJSSE Provider at the first of provider list
- Enabled Ciphers : TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, TLS_RSA_WITH_AES_256_CBC_SHA256
- set TLS related properties with HttpClient and SSLConnectionSocketFactory


When I test with an RSA server certificate, it works well with the selected cipher "TLS_RSA_WITH_AES_256_CBC_SHA256".
(RSA cert is created : keytool -genkeypair -alias server -keyalg RSA -keystore server.jks)


But with an ECDSA server certificate, it fails to handshake: org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40)
(ECDSA cert is created : keytool -genkeypair -alias server -keyalg EC -keystore server.jks)


I added debug code to BC Tls library for debugging this issue.
The cause is "finding alias with keyType ECDHE_ECDSA returns null".
Does the EC private key or ECDSA certificate need additional settings?
The RSA server cert works well with the same configuration.


Here are the logs with the ECDSA server certificate settings:
--------------------------------------------------------------------------------

AbstractTlsServer.getSelectedCipherSuite : print offeredCipherSuites
   Offered Ciphers : 0xc0ae
   Offered Ciphers : 0x3d
   Offered Ciphers : 0xff
AbstractTlsServer.getSelectedCipherSuite : checking cipherSuites - cipher 0xc0ae
ProvTlsServer.selectCipherSuite start
ProvTlsServer.selectCredentials : KeyManager=sun.security.ssl.SunX509KeyManagerImpl@3c898997
ProvTlsServer.selectCredentials : KeyType=ECDHE_ECDSA
ProvTlsServer.selectCredentials : alias=null
ProvTlsServer.selectCredentials return false : alias=null
ProvTlsServer.selectCipherSuite return false!!!!!!!!!!!!!!!
AbstractTlsServer.getSelectedCipherSuite : checking cipherSuites - cipher 0x3d
ProvTlsServer.selectCipherSuite start
ProvTlsServer.selectCredentials : KeyManager=sun.security.ssl.SunX509KeyManagerImpl@3c898997
ProvTlsServer.selectCredentials : KeyType=RSA
ProvTlsServer.selectCredentials : alias=null
ProvTlsServer.selectCredentials return false : alias=null
ProvTlsServer.selectCipherSuite return false!!!!!!!!!!!!!!!
16:38:39 [jsse-nio-8443-exec-1]  INFO o.b.jsse.provider.ProvTlsServer         - Server raised fatal(2) handshake_failure(40) alert: Failed to process record 
org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40)
at org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite(AbstractTlsServer.java:389)
at org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite(ProvTlsServer.java:227)
at org.bouncycastle.tls.TlsServerProtocol.sendServerHelloMessage(TlsServerProtocol.java:669)
at org.bouncycastle.tls.TlsServerProtocol.handleHandshakeMessage(TlsServerProtocol.java:134)
at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(TlsProtocol.java:456)
at org.bouncycastle.tls.TlsProtocol.processRecord(TlsProtocol.java:374)
at org.bouncycastle.tls.RecordStream.readFullRecord(RecordStream.java:256)
at org.bouncycastle.tls.TlsProtocol.safeReadFullRecord(TlsProtocol.java:634)
at org.bouncycastle.tls.TlsProtocol.offerInput(TlsProtocol.java:940)
at org.bouncycastle.jsse.provider.ProvSSLEngine.unwrap(ProvSSLEngine.java:354)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:475)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1445)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)



-------------------------------------------------------------------------------------
ECDSA cert is :

chain [0] =   [0]         Version: 3
         SerialNumber: 1562626989
             IssuerDN: C=Unknown,ST=Unknown,L=Unknown,O=Unknown,OU=Unknown,CN=Agg Client(EC)
           Start Date: Mon Jun 18 13:37:59 KST 2018
           Final Date: Sun Sep 16 13:37:59 KST 2018
            SubjectDN: C=Unknown,ST=Unknown,L=Unknown,O=Unknown,OU=Unknown,CN=Agg Client(EC)
           Public Key: EC Public Key [51:73:48:da:9e:ee:f8:5b:48:f7:ac:0f:e9:69:93:2a:eb:ce:ca:1a]
            X: 6b410d4187471cb63c53eb46ab2bda74650db30a5f46f5da8e55274ca9c3eb4e
            Y: 1cb943b0941329a038e249cae506380a0547b275ad5b09cd39b5a86aa245830f

  Signature Algorithm: SHA256WITHECDSA
            Signature: 3045022059054742594bbd9fdf4c8481fd3c8e89
                       49da0d4b4797afb16a26134cecb63587022100d6
                       38046b31b5d039d0a79ad5eb69b9087f9b4e0ff5
                       15a76d4206836e838a41fd
       Extensions: 
                       critical(false) 2.5.29.14 value = DER Octet String[20] 


Re: ECDSA cert and TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8

Peter Dettman-3
Hi Jiho,

The BCJSSE TLS server currently only works properly with its own
KeyManagerFactory, though RSA credentials may work OK in some cases
without it. The BCJSSE KMF is registered for the "PKIX" algorithm.
Probably you just need to edit the entry in jre/lib/security/java.policy
file:

#ssl.KeyManagerFactory.algorithm=SunX509
ssl.KeyManagerFactory.algorithm=PKIX

Another option might be to use KeyManagerFactory.getInstance("PKIX") if
you are calling it explicitly.

Regards,
Pete Dettman


On 20/6/18 3:17 pm, Jiho Park(박지호) wrote:

> Hello, everyone.
> first of all, thank you for .
>
> I'm trying to test HTTPS communication with ECDSA certificate and
> TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8.
> But it fails to handshake
>
>
> Server-side)
> - Java 8, Spring Boot(embedded tomcat)
> - bcprov-jdk15on-159, bctls-jdk15on-159
> - add BC Provider, BCJSSE Provider at the first of provider list
> - Enabled Ciphers : TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
> TLS_RSA_WITH_AES_256_CBC_SHA256
> - set TLS related properties in application.properties


Re: ECDSA cert and TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8

Jiho Park(박지호)
Hi Pete,

I resolved the issue with your comment. (I prefer to set it in Java code.)
    Security.setProperty("ssl.KeyManagerFactory.algorithm", "PKIX");

Thank you!



2018-06-20 20:19 GMT+09:00 Peter Dettman <[hidden email]>:
Hi Jiho,

The BCJSSE TLS server currently only works properly with its own
KeyManagerFactory, though RSA credentials may work OK in some cases
without it. The BCJSSE KMF is registered for the "PKIX" algorithm.
Probably you just need to edit the entry in jre/lib/security/java.policy
file:

#ssl.KeyManagerFactory.algorithm=SunX509
ssl.KeyManagerFactory.algorithm=PKIX

Another option might be to use KeyManagerFactory.getInstance("PKIX") if
you are calling it explicitly.

Regards,
Pete Dettman


On 20/6/18 3:17 pm, Jiho Park(박지호) wrote:
> Hello, everyone.
> first of all, thank you for .
>
> I'm trying to test HTTPS communication with ECDSA certificate and
> TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8.
> But it fails to handshake
>
>
> Server-side)
> - Java 8, Spring Boot(embedded tomcat)
> - bcprov-jdk15on-159, bctls-jdk15on-159
> - add BC Provider, BCJSSE Provider at the first of provider list
> - Enabled Ciphers : TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
> TLS_RSA_WITH_AES_256_CBC_SHA256
> - set TLS related properties in application.properties
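
Added example (not code from the thread or from the Bouncy Castle project): a Java check that repeats the alias lookup from the posted log against both key manager implementations, then builds the server SSLContext from the BCJSSE "PKIX" KeyManagerFactory named explicitly. It assumes the `server.jks` file from the keytool command above, a placeholder password `changeit` used for both store and key, and the bcprov/bctls jars on the classpath; what each lookup returns depends on the JDK and BC versions in use.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509KeyManager;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

public class BcjsseKeyManagerCheck {
    // Assumed values: keystore name from the thread's keytool command, placeholder password.
    static final String KEYSTORE = "server.jks";
    static final char[] PASSWORD = "changeit".toCharArray();

    static KeyStore load() throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(KEYSTORE)) {
            ks.load(in, PASSWORD);
        }
        return ks;
    }

    // Ask each key manager for a server alias using the key type seen in the posted log.
    static void probe(String label, KeyManagerFactory kmf, KeyStore ks) throws Exception {
        kmf.init(ks, PASSWORD);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                String alias = ((X509KeyManager) km).chooseServerAlias("ECDHE_ECDSA", null, null);
                System.out.println(label + " -> " + km.getClass().getName() + " alias=" + alias);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
        KeyStore ks = load();
        // The default algorithm decides which key manager a container picks up implicitly.
        System.out.println("default KMF algorithm: " + KeyManagerFactory.getDefaultAlgorithm());
        probe("SunX509", KeyManagerFactory.getInstance("SunX509"), ks);
        probe("PKIX/BCJSSE", KeyManagerFactory.getInstance("PKIX", "BCJSSE"), ks);
        // Name the provider so the lookup does not depend on provider order.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX", "BCJSSE");
        kmf.init(ks, PASSWORD);
        SSLContext ctx = SSLContext.getInstance("TLS", "BCJSSE");
        ctx.init(kmf.getKeyManagers(), null, null);
        System.out.println("context provider: " + ctx.getProvider().getName());
    }
}
```

A `SunX509` line with `alias=null` corresponds to the `ProvTlsServer.selectCredentials : alias=null` entries in the posted log.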