Hi Seung-bum,
Although our underlying TLS implementation (org.bouncycastle.tls)
technically still has support for static ECDH (and DH), it is strongly
deprecated by TLS standards.
In the BCJSSE provider we decided not to support any cipher suites that
use static key agreement (DH_DSS, DH_RSA, ECDH_ECDSA, ECDH_RSA), and
therefore we do not need to handle the case of ECDH_ECDSA when selecting
server credentials.
Regards,
Pete Dettman
On 15/11/19 9:54 pm, Seung-bum Jin wrote:
> --------------------------------------------------------------
> From: Seung-bum Jin <
[hidden email] <mailto:
[hidden email]>>
> To:
[hidden email]
> <mailto:
[hidden email]>
> Subject: Question about DTLS implementations
>
> Hi All,
>
> We are trying to use the BouncyCastle 1.63 java source to implement DTLS
> protcol on our JSSE provider.
>
>
> The source code of org.bouncycastle.jsse.provider.ProvTlsServer seems to
> be not processing ECDH_ECDSA case. Is the code intended implementation?
> Or features still not implemented?
>
>
> protected boolean selectCredentials(int cipherSuite) throws IOException
> {
> this.credentials = null;
>
> int keyExchangeAlgorithm =
> TlsUtils.getKeyExchangeAlgorithm(cipherSuite);
> switch (keyExchangeAlgorithm)
> {
> case KeyExchangeAlgorithm.DH_anon:
> case KeyExchangeAlgorithm.ECDH_anon:
> return true;
>
> case KeyExchangeAlgorithm.DHE_DSS:
> case KeyExchangeAlgorithm.DHE_RSA:
> case KeyExchangeAlgorithm.ECDHE_ECDSA:
> case KeyExchangeAlgorithm.ECDHE_RSA:
> case KeyExchangeAlgorithm.RSA:
> break;
>
> default:
> return false;
> }
> ...
>
>
> Seung-Bum Jin.
>
>
>
> Driector, Research & Development Dept.
>
> Peoplecar,
>
> Replublic Of Korea.
>
> --------------------------------------------------------------
>
> ....
Locked
