TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 support?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 support?

Jiho Park(박지호)

Hi, 


I need to support TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 in my java server application to communicate with some rest api server.

And also my java server application provide some rest api for that server.

All TLS communications between my java application and rest api server shall enable client authentication.


(I'm using Java 8 and Spring Framework 5.0, Spring Boot 2.0)



Does the latest java version of Bouncycastle Library support "TLS_ECDHE_ECDSA_WITH _AES_128_CCM_8" cipher suite?


Any examples, resources for this case using Bouncycastle library?




Thanks,

Jiho.







Reply | Threaded
Open this post in threaded view
|

Re: TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 support?

Peter Dettman-3
Hi Jiho,

Yes, we have support for TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, but it is
not enabled by default.

The recommended way to use our TLS library is through our JSSE provider
"BCJSSE". The provider class is
org.bouncycastle.jsse.provider.BouncyCastleJsseProvider (you need
bctls-jdk15on-159.jar).

Register the BCJSSE provider (ahead of
com.sun.net.ssl.internal.ssl.Provider) either in java.security file of
your JRE, or via java.security.Security class methods. Then use the
standard javax.net.ssl classes - SSLContext, SSLSocket, etc.

If you are running a TLS server using BCJSSE, you will also need to set
(in java.security file):
    ssl.KeyManagerFactory.algorithm=PKIX

To enable TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, you could use e.g.
SSLSocket.setEnabledCipherSuites method.

If you are using a high-level REST API (which uses SSLContext etc.
internally), you will need to consult their documentation as to how to
configure cipher suites and client authentication.

Regards,
Pete Dettman


On 28/5/18 11:12 am, Jiho Park(박지호) wrote:

> Hi, 
>
>
> I need to support *TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8* in my java server
> application to communicate with some rest api server.
>
> And also my java server application provide some rest api for that server.
>
> All TLS communications between my java application and rest api server
> *shall enable client authentication*.
>
>
> (I'm using Java 8 and Spring Framework 5.0, Spring Boot 2.0)
>
>
>
> Does the latest java version of Bouncycastle Library support
> "TLS_ECDHE_ECDSA_WITH _AES_128_CCM_8" cipher suite?
>
>
> Any examples, resources for this case using Bouncycastle library?
>
>
> 
>
> Thanks,
>
> Jiho.
>
>
>
>
>
>
>