JDK-8132661

SunJSSE in FIPS mode disallows TLS_ECDH_anon_WITH_AES_256_CBC_SHA despite docs


    • x86
    • os_x

      FULL PRODUCT VERSION :
      java version "1.8.0_45"
      Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
      Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)


      ADDITIONAL OS VERSION INFORMATION :
      Darwin bjansen-inuyasha.dev.tripwire.com 14.4.0 Darwin Kernel Version 14.4.0: Thu May 28 11:35:04 PDT 2015; root:xnu-2782.30.5~1/RELEASE_X86_64 x86_64

      EXTRA RELEVANT SYSTEM CONFIGURATION :
      This seems to be the case for all platforms running Java 8

      A DESCRIPTION OF THE PROBLEM :
      When the SunJSSE provider is put into FIPS mode, it is documented as allowing these anonymous cipher suites:

      http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/FIPS.html

      TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
      TLS_ECDH_anon_WITH_AES_128_CBC_SHA
      TLS_ECDH_anon_WITH_AES_256_CBC_SHA

      However, in the Java 8 implementation of sun.security.ssl.CipherSuite, these suites have been added to the set that are disallowed in FIPS mode.

      In Java 7, these suites are available, as stated in the documentation.

      In the OpenJDK source from Mercurial, you can see the difference between the two revisions here:

      Allowed: http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/931fb59eae26/src/share/classes/sun/security/ssl/CipherSuite.java#l1038
              add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
                  0xC019, --p, K_ECDH_ANON, B_AES_256, T);

      Disallowed: http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/d8d037a7569e/src/share/classes/sun/security/ssl/CipherSuite.java#l1165
              add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
                  0xC019, --p, K_ECDH_ANON, B_AES_256, N);


      REGRESSION. Last worked in version 7u79

      ADDITIONAL REGRESSION INFORMATION:
      The anonymous cipher suites work on:

      java version "1.7.0_79"
      Java(TM) SE Runtime Environment (build 1.7.0_79-b15)
      Java HotSpot(TM) 64-Bit Server VM (build 24.79-b02, mixed mode)

      I have not yet fully narrowed down the exact release in which this behavior changed.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      1. Configure SunJSSE for FIPS mode per http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/FIPS.html
      2. Create an SSLSocket and call: socket.setEnabledCipherSuites(new String[] {"TLS_ECDH_anon_WITH_AES_256_CBC_SHA"})
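
      The following check program is an added example and is not part of the bug report or of the JDK sources. It reproduces step 2 with an unconnected SSLSocket, reports which of the three anonymous suites named in the FIPS guide the running JVM's SunJSSE actually supports, and, as the audit a defender usually wants alongside that, lists any anonymous suite that is enabled by default (anonymous suites carry no server authentication). It assumes SunJSSE has already been configured for FIPS mode per the guide above; the class name FipsAnonSuiteCheck is a placeholder.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * Added example (not JDK code): compares what the documentation says SunJSSE
 * in FIPS mode allows against what the running provider really supports.
 * Assumes java.security has been edited for FIPS mode before this is run.
 */
public class FipsAnonSuiteCheck {

    // The three anonymous suites the FIPS guide lists (taken from the report).
    static final String[] DOCUMENTED_ANON_SUITES = {
        "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
    };

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLSocketFactory factory = ctx.getSocketFactory();
        System.out.println("TLS provider in use: " + ctx.getProvider().getName());

        // 1. Documented vs. actually supported.
        Set<String> supported =
            new HashSet<>(Arrays.asList(factory.getSupportedCipherSuites()));
        for (String suite : DOCUMENTED_ANON_SUITES) {
            System.out.printf("%-40s %s%n", suite,
                supported.contains(suite) ? "supported" : "NOT supported");
        }

        // 2. Audit: anonymous suites should never be enabled by default.
        for (String suite : factory.getDefaultCipherSuites()) {
            if (suite.contains("_anon_")) {
                System.out.println("WARNING: anonymous suite enabled by default: " + suite);
            }
        }

        // 3. Reproduce step 2 of the report. An unconnected socket is enough:
        //    the suite list is validated in setEnabledCipherSuites, not on connect.
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            socket.setEnabledCipherSuites(
                new String[] {"TLS_ECDH_anon_WITH_AES_256_CBC_SHA"});
            System.out.println("Enabled: "
                + Arrays.toString(socket.getEnabledCipherSuites()));
        } catch (IllegalArgumentException e) {
            // This is the failure path described under ACTUAL below.
            System.out.println("setEnabledCipherSuites rejected the suite: "
                + e.getMessage());
        }
    }
}
```

      Compile and run it with the same JVM and java.security file you use in production; on an affected Java 8 build the third step prints the rejection message rather than the enabled list, and the first block shows which documented suites are missing.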

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      The SSLSocket is configured to use the TLS_ECDH_anon_WITH_AES_256_CBC_SHA cipher suite.
      ACTUAL -
      SSLSocket#setEnabledCipherSuites() throws an exception when given TLS_ECDH_anon_WITH_AES_256_CBC_SHA

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_ECDH_anon_WITH_AES_256_CBC_SHA
      at sun.security.ssl.CipherSuite.valueOf(CipherSuite.java:237)
      at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:82)
      at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2419)


      REPRODUCIBILITY :
      This bug can be reproduced always.

      rgallard Raymond Gallardo
      webbuggrp Webbug Group