[bctls-jdk15on-168b05] Configure TLS Server DH Parameter.


CBroeter
Hi * !
We are facing a configuration issue using the BC TLS Server implementation.

We identified that our server does not use the intended DH Server Params in its Server Key Exchange message. These parameters are configured by setting a variable

private static final String DHE_KEY_PARAMETER = "{ " + "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 "
+ "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD "
+ "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 "
+ "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED "
+ "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D "
+ "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F "
+ "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D "
+ "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B "
+ "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 "
+ "DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510 " + "15728E5A 8AACAA68 FFFFFFFF FFFFFFFF, 2}";

and the system property 'jdk.tls.server.defaultDHEParameters'

System.setProperty("jdk.tls.server.defaultDHEParameters", DHE_KEY_PARAMETER);

In contrast to the expectation, the DH parameter chosen by the server is:

ff ff ff ff ff ff ff ff  ad f8 54 58 a2 bb 4a 9a  
af dc 56 20 27 3d 3c f1  d8 b9 c5 83 ce 2d 36 95  
a9 e1 36 41 14 64 33 fb  cc 93 9d ce 24 9b 3e f9  
7d 2f e3 63 63 0c 75 d8  f6 81 b2 02 ae c4 61 7a  
d3 df 1e d5 d5 fd 65 61  24 33 f5 1f 5f 06 6e d0  
85 63 65 55 3d ed 1a f3  b5 57 13 5e 7f 57 c9 35  
98 4f 0c 70 e0 e6 8b 77  e2 a6 89 da f3 ef e8 72  
1d f1 58 a1 36 ad e7 35  30 ac ca 4f 48 3a 79 7a  
bc 0a b1 82 b3 24 fb 61  d1 08 a9 4b b2 c8 e3 fb  
b9 6a da b7 60 d7 f4 68  1d 4f 42 a3 de 39 4d f4  
ae 56 ed e7 63 72 bb 19  0b 07 a7 c8 ee 0a 6d 70  
9e 02 fc e1 cd f7 e2 ec  c0 34 04 cd 28 34 2f 61  
91 72 fe 9c e9 85 83 ff  8e 4f 12 32 ee f2 81 83  
c3 fe 3b 1b 4c 6f ad 73  3b b5 fc bc 2e c2 20 05  
c5 8e f1 83 7d 16 83 b2  c6 f3 4a 26 c1 b2 ef fa  
88 6b 42 38 61 28 5c 97  ff ff ff ff ff ff ff ff  

How do we configure the server's DH parameters in a correct manner?

Thanks

This E-Mail (including any attachments) is confidential and may be legally privileged. Access to this email by anyone else than the addressee is unauthorized. If you are not the intended recipient of this e-mail, any disclosure, copying, distribution or use of it is strictly prohibited.

Re: [bctls-jdk15on-168b05] Configure TLS Server DH Parameter.

Peter Dettman-3
Hi Christoph,

We don't support jdk.tls.server.defaultDHEParameters in BCJSSE; we
could maybe add it, but freely-specified DH groups are pretty much
obsolete. Do you have a specific reason for not just using a NamedGroup
like ffdhe2048?

Or are you using the low-level TLS API and not BCJSSE?

Regards,
Pete Dettman


On 3/9/2021 11:30 PM, Christoph Bröter wrote:

> Hi * !
> We are facing a configuration issue using the BC TLS Server implementation.
>
> We identified that our server does not use the intended DH Server Params
> in its Server Key Exchange message. These parameters are configured by
> setting a variable
>
>     private static final String DHE_KEY_PARAMETER = "{ " + "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 "
>     + "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD "
>     + "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 "
>     + "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED "
>     + "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D "
>     + "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F "
>     + "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D "
>     + "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B "
>     + "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 "
>     + "DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510 " + "15728E5A 8AACAA68 FFFFFFFF FFFFFFFF, 2}";
>
>
> and the system property 'jdk.tls.server.defaultDHEParameters'
>
>     System.setProperty("jdk.tls.server.defaultDHEParameters", DHE_KEY_PARAMETER);
>
>
> In contrast to the expectation, the DH parameter chosen by the server is:
>
>
> How do we configure the server's DH parameters in a correct manner?
>
> Thanks



Re: [bctls-jdk15on-168b05] Configure TLS Server DH Parameter.

CBroeter
Thanks Peter for your response.
I have found a comment from you http://bouncy-castle.1462172.n4.nabble.com/RFC5114-DHE-modp-groups-td4658358.html where you are mentioning support of groups defined in RFC 3526 and the switch to RFC 3526 as default DH group. Do you know if DHE modp groups have been supported in previous releases and been removed in the current one?

Is the 2048-bit modp group already implemented and I am just not able to find/use it?



On Wed, 10 March 2021 at 15:24, Peter Dettman <[hidden email]> wrote:
In principle, for TLS 1.2 and earlier it can work with BCJSSE once we
have implemented the system property you mentioned (which I will
investigate shortly).

BTW, your last couple of emails have been to me personally rather than
the mailing list; please return the discussion to the list.

Regards,
Pete Dettman

On 3/10/2021 8:57 PM, Christoph Bröter wrote:
> Is there any possibility to use DHParameters of RFC 3526, namely group 14,
> in a BC TLS-Server implementation using an RSA CipherSuite?
>
>
> On Wed, 10 March 2021 at 09:19, Christoph Bröter <[hidden email]> wrote:
>
>     Hello Peter,
>     the server implementation must use rfc3526 2048bit DHParameters by
>     related requirement documents otherwise clients consider the
>     connection unsafe and refuse progressing during handshake.
>     We are using BCJSSE as a crypto provider. I will attach a snippet
>     showing the server implementation used.
>     Is there any known way to use 2048-bit MODP Group as DHParameter?
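
The mismatch discussed in this thread (group 14 configured, a different prime on the wire) can be diagnosed by naming the group that a captured dh_p belongs to. The following is an added example, not code from the thread or from Bouncy Castle: it derives the RFC 3526 group 14 and RFC 7919 ffdhe2048 primes from their published formulas and matches a `{p, g}` property value or a hex dump against them. All function names are hypothetical, and the offsets 124476 and 560316 are taken from the RFCs, not from this page.

```python
import re

GUARD = 64  # extra fixed-point bits so series truncation cannot disturb the floor

def _arctan_inv(x, one):  # arctan(1/x) * one, alternating Taylor series in integers
    total = term = one // x
    n, sign = 3, -1
    while term:
        term //= x * x
        total += sign * (term // n)
        n, sign = n + 2, -sign
    return total

def _pi(one):  # Machin: pi = 16*arctan(1/5) - 4*arctan(1/239)
    return 16 * _arctan_inv(5, one) - 4 * _arctan_inv(239, one)

def _e(one):  # e = sum over k of 1/k!
    total = term = one
    k = 1
    while term:
        term //= k
        total += term
        k += 1
    return total

def _prime(const, offset, bits=2048):
    """p = 2^bits - 2^(bits-64) - 1 + 2^64 * (floor(2^(bits-130) * c) + offset)"""
    floor_c = const(1 << (bits - 130 + GUARD)) >> GUARD
    return (1 << bits) - (1 << (bits - 64)) - 1 + ((floor_c + offset) << 64)

# Offsets as published in RFC 3526 section 3 and RFC 7919 appendix A.1.
KNOWN_GROUPS = {
    _prime(_pi, 124476): "RFC 3526 group 14 (2048-bit MODP)",
    _prime(_e, 560316): "RFC 7919 ffdhe2048",
}

def parse_jdk_property(value):
    """Parse '{ p_hex, g_hex }[, { ... }]' into a list of (p, g) integers."""
    to_int = lambda s: int(re.sub(r"\s+", "", s), 16)
    pairs = re.findall(r"\{([0-9A-Fa-f\s]+),([0-9A-Fa-f\s]+)\}", value)
    return [(to_int(p), to_int(g)) for p, g in pairs]

def parse_hex_dump(dump):
    """Turn a 'ff ff ad f8 ...' byte dump of dh_p into an integer."""
    return int("".join(dump.split()), 16)

def identify(p):
    return KNOWN_GROUPS.get(p, "unrecognised %d-bit modulus" % p.bit_length())

if __name__ == "__main__":
    # Constructed sample: a property value rebuilt from the derived group 14 prime.
    for p, g in parse_jdk_property("{ %X, 2 }" % next(iter(KNOWN_GROUPS))):
        print(identify(p), "with generator", g)
```

Feeding `parse_hex_dump` the dh_p bytes copied from a packet capture and passing the result to `identify` shows whether the server honoured the configured group or fell back to a named one.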