Details
- Bug
- Status: Closed
- P3
- Resolution: Fixed
- 11, 12, 13
- b27
- Verified
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8226544 | 14 | Xuelei Fan | P3 | Resolved | Fixed | b03 |
JDK-8228230 | 13.0.2 | Xuelei Fan | P3 | Resolved | Fixed | b01 |
JDK-8228015 | 13.0.1 | Xuelei Fan | P3 | Resolved | Fixed | master |
JDK-8235572 | 11.0.7-oracle | Thejasvi Voniadka | P3 | Resolved | Fixed | b01 |
JDK-8236587 | 11.0.7 | Xuelei Fan | P3 | Resolved | Fixed | b01 |
JDK-8256666 | openjdk8u272 | Martin Balao | P3 | Closed | Fixed | b06 |
JDK-8243698 | 8u261 | Prasadarao Koppula | P3 | Resolved | Fixed | b05 |
JDK-8247031 | emb-8u261 | Prasadarao Koppula | P3 | Resolved | Fixed | team |
Description
The scheme selection would not be affected by the curve in the certificate.
For example, the key store contains only one ECDSA certificate, which uses the secp256r1 curve, and the extension supported_groups contains only secp521r1.
With JSSE logs, ClientHello lists this extension as below,
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
But when trying to produce the Certificate message, it raises errors:
CertificateMessage.java:1062|Unavailable authentication scheme: ecdsa_secp256r1_sha256
...
CertificateMessage.java:1062|Unavailable authentication scheme: ecdsa_secp521r1_sha512
...
javax.net.ssl|ERROR|0C|MainThread|2019-06-14 11:01:39.752 CST|TransportContext.java:312|Fatal (HANDSHAKE_FAILURE): No available authentication scheme (
"throwable" : {
javax.net.ssl.SSLHandshakeException: No available authentication scheme
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:254)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:951)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:940)
at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1225)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1161)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:852)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:813)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1383)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1291)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:436)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:806)
at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:897)
at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:857)
at SSLSocketTemplate.runServerApplication(SSLSocketTemplate.java:93)
at SSLSocketTemplate.doServerSide(SSLSocketTemplate.java:275)
at SSLSocketTemplate.startServer(SSLSocketTemplate.java:644)
at SSLSocketTemplate.bootup(SSLSocketTemplate.java:558)
at SSLSocketTemplate.run(SSLSocketTemplate.java:82)
...
)
I suppose scheme ecdsa_secp256r1_sha256 could be selected.
In fact, if the supported_groups contains secp256r1 only, the CertificateVerify message selects ecdsa_secp256r1_sha256.
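A simplified model of the selection this report describes, added here as an illustration and not taken from the JDK sources: with the `groups_constrain_signature` flag set, a secp256r1 key offered against `supported_groups = [secp521r1]` leaves no usable scheme, and with it cleared the scheme follows the key's curve alone. The function, flag and table names are hypothetical; the model assumes the RFC 8446 rule that each TLS 1.3 ECDSA scheme is bound to one curve and that signature algorithms are negotiated independently of supported_groups.

```python
# Added illustration, not JDK code: a simplified model of TLS 1.3 ECDSA
# signature scheme selection. All names below are hypothetical.

# Each TLS 1.3 ECDSA scheme is bound to exactly one curve (RFC 8446, 4.2.3).
ECDSA_SCHEME_CURVE = {
    "ecdsa_secp256r1_sha256": "secp256r1",
    "ecdsa_secp384r1_sha384": "secp384r1",
    "ecdsa_secp521r1_sha512": "secp521r1",
}

# signature_algorithms list copied from the ClientHello in the report.
PEER_SCHEMES = [
    "ecdsa_secp256r1_sha256", "ecdsa_secp384r1_sha384", "ecdsa_secp521r1_sha512",
    "rsa_pss_rsae_sha256", "rsa_pss_rsae_sha384", "rsa_pss_rsae_sha512",
    "rsa_pss_pss_sha256", "rsa_pss_pss_sha384", "rsa_pss_pss_sha512",
    "rsa_pkcs1_sha256", "rsa_pkcs1_sha384", "rsa_pkcs1_sha512",
    "ecdsa_sha1", "rsa_pkcs1_sha1",
]


def select_ecdsa_scheme(peer_schemes, key_curve, supported_groups,
                        groups_constrain_signature):
    """Pick the first peer-offered scheme usable with an EC key on key_curve.

    Returns (scheme or None, [(rejected_scheme, reason), ...]).
    groups_constrain_signature=True models the reported behaviour, where the
    scheme's curve must also appear in supported_groups; False models
    selection that depends only on the key's curve.
    """
    rejected = []
    for scheme in peer_schemes:
        curve = ECDSA_SCHEME_CURVE.get(scheme)
        if curve is None:
            continue  # RSA schemes and ecdsa_sha1 do not apply to a TLS 1.3 EC key
        if curve != key_curve:
            rejected.append((scheme, "key is not on " + curve))
        elif groups_constrain_signature and curve not in supported_groups:
            rejected.append((scheme, curve + " not in supported_groups"))
        else:
            return scheme, rejected
    return None, rejected


if __name__ == "__main__":
    # Scenario from the report: secp256r1 key, supported_groups = [secp521r1].
    for flag in (True, False):
        print(flag, select_ecdsa_scheme(PEER_SCHEMES, "secp256r1", ["secp521r1"], flag))
```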
Issue Links
- backported by
  - JDK-8226544 Curve in certificate should not affect signature scheme when using TLSv1.3 (Resolved)
  - JDK-8228015 Curve in certificate should not affect signature scheme when using TLSv1.3 (Resolved)
  - JDK-8228230 Curve in certificate should not affect signature scheme when using TLSv1.3 (Resolved)
  - JDK-8235572 Curve in certificate should not affect signature scheme when using TLSv1.3 (Resolved)
  - JDK-8236587 Curve in certificate should not affect signature scheme when using TLSv1.3 (Resolved)
  - JDK-8243698 Curve in certificate should not affect signature scheme when using TLSv1.3 (Resolved)
  - JDK-8247031 Curve in certificate should not affect signature scheme when using TLSv1.3 (Resolved)
  - JDK-8256666 Curve in certificate should not affect signature scheme when using TLSv1.3 (Closed)
- duplicates
  - JDK-8210165 supported_groups affects signatures in TLS 1.3 (Closed)