  1. JDK
  2. JDK-8210165

supported_groups affects signatures in TLS 1.3


Details

    • Bug
    • Resolution: Duplicate
    • P3
    • tbd
    • 11
    • security-libs
    • None

    Description

      The TLS 1.3 implementation in SunJSSE incorrectly uses the supported_groups extension to constrain the elliptic curves used in ECDSA. This behavior was correct in TLS 1.2 (when the extension was called elliptic_curves), but groups used in signatures should be independent from supported_groups when TLS 1.3 is negotiated.

      The constraint on signatures applies whether the supported_groups extension is received or the supported groups are configured using the jdk.tls.namedGroups system property. To test, run a server with a single ECDSA certificate, and set jdk.tls.namedGroups (in either the client or server) so that the curve in the certificate is not included. The connection will fail with "No available authentication scheme."
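
      The test described above as a single in-process Java program, added here as an example (not code from this report or from the JDK). It assumes a PKCS12 keystore `ec.p12` with password `changeit` holding one self-signed secp384r1 certificate; the class name, file name and choice of curves are illustrative.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.security.KeyStore;

// Added illustration; class name, keystore name and password are assumptions.
// Keystore constructed for this example (EC key size 384 selects secp384r1):
//   keytool -genkeypair -alias ec -keyalg EC -keysize 384 -dname CN=localhost \
//           -keystore ec.p12 -storetype PKCS12 -storepass changeit
public class NamedGroupsSigCheck {
    public static void main(String[] args) throws Exception {
        // Set before any JSSE class is initialized. The certificate's curve
        // (secp384r1) is deliberately absent from the key-exchange groups.
        System.setProperty("jdk.tls.namedGroups", "secp256r1");
        char[] pw = "changeit".toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream("ec.p12")) { ks.load(in, pw); }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // the client trusts the same self-signed certificate
        SSLContext ctx = SSLContext.getInstance("TLSv1.3");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
            Thread t = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) server.accept()) {
                    s.startHandshake();
                } catch (Exception e) {
                    System.out.println("server: " + e); // authentication-scheme failure surfaces here
                }
            });
            t.start();
            try (SSLSocket c = (SSLSocket) ctx.getSocketFactory().createSocket("localhost", server.getLocalPort())) {
                c.setEnabledProtocols(new String[] {"TLSv1.3"}); // rule out a TLS 1.2 fallback
                c.startHandshake();
                System.out.println("handshake OK: " + c.getSession().getProtocol());
            } catch (Exception e) {
                System.out.println("client: " + e);
            }
            t.join();
        }
    }
}
```

      On a build with the behavior described in this report, the server side prints the "No available authentication scheme" failure. Removing the `System.setProperty` line gives the baseline handshake for comparison.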


            People

              xuelei Xuelei Fan
              apetcher Adam Petcher (Inactive)