[JDK-8225766] Curve in certificate should not affect signature scheme when using TLSv1.3 - Java Bug System

Details

Type: Bug
Status: Closed
Priority: P3
Resolution: Fixed
Affects Version/s: 11, 12, 13
Fix Version/s: 13
Component/s: security-libs
Labels:

Subcomponent:
javax.net.ssl
Resolved In Build:
b27
Verification:
Verified

Backports

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8226544	14	Xuelei Fan	P3	Resolved	Fixed	b03
JDK-8228230	13.0.2	Xuelei Fan	P3	Resolved	Fixed	b01
JDK-8228015	13.0.1	Xuelei Fan	P3	Resolved	Fixed	master
JDK-8235572	11.0.7-oracle	Thejasvi Voniadka	P3	Resolved	Fixed	b01
JDK-8236587	11.0.7	Xuelei Fan	P3	Resolved	Fixed	b01
JDK-8256666	openjdk8u272	Martin Balao	P3	Closed	Fixed	b06
JDK-8243698	8u261	Prasadarao Koppula	P3	Resolved	Fixed	b05
JDK-8247031	emb-8u261	Prasadarao Koppula	P3	Resolved	Fixed	team

Description

In TLSv1.3, the signature schemes are listed by extension signature_algorithms.
The scheme selection would not be affected by the curve in certificate.

For example, the key store contains only one ECDSA certificate, which uses secp256r1 curve, and the extension supported_groups contains only secp521r1.

With JSSE logs, ClientHello lists this extension as below,
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },

But when try to produce Certificate message, it raises errors:
CertificateMessage.java:1062|Unavailable authentication scheme: ecdsa_secp256r1_sha256
...
CertificateMessage.java:1062|Unavailable authentication scheme: ecdsa_secp521r1_sha512
...
javax.net.ssl|ERROR|0C|MainThread|2019-06-14 11:01:39.752 CST|TransportContext.java:312|Fatal (HANDSHAKE_FAILURE): No available authentication scheme (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: No available authentication scheme
   at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
   at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
   at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
   at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
   at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:254)
   at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:951)
   at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:940)
   at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436)
   at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1225)
   at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1161)
   at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:852)
   at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:813)
   at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
   at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
   at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
   at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
   at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
   at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1383)
   at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1291)
   at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:436)
   at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:806)
   at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:897)
   at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:857)
   at SSLSocketTemplate.runServerApplication(SSLSocketTemplate.java:93)
   at SSLSocketTemplate.doServerSide(SSLSocketTemplate.java:275)
   at SSLSocketTemplate.startServer(SSLSocketTemplate.java:644)
   at SSLSocketTemplate.bootup(SSLSocketTemplate.java:558)
   at SSLSocketTemplate.run(SSLSocketTemplate.java:82)
        ...
)

I suppose scheme ecdsa_secp256r1_sha256 could be selected.

In fact, if the supported_groups contains secp256r1 only, CertificateVerify message selectes ecdsa_secp256r1_sha256.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

SignatureSchemeTest.java
22 kB
2019-06-13 22:33

Issue Links

backported by

JDK-8226544 Curve in certificate should not affect signature scheme when using TLSv1.3

Resolved

JDK-8228015 Curve in certificate should not affect signature scheme when using TLSv1.3

Resolved

JDK-8228230 Curve in certificate should not affect signature scheme when using TLSv1.3

Resolved

JDK-8235572 Curve in certificate should not affect signature scheme when using TLSv1.3

Resolved

JDK-8236587 Curve in certificate should not affect signature scheme when using TLSv1.3

Resolved

JDK-8243698 Curve in certificate should not affect signature scheme when using TLSv1.3

Resolved

JDK-8247031 Curve in certificate should not affect signature scheme when using TLSv1.3

Resolved

JDK-8256666 Curve in certificate should not affect signature scheme when using TLSv1.3

Closed

duplicates

JDK-8210165 supported_groups affects signatures in TLS 1.3

Closed

(3 backported by, 1 duplicates)

Curve in certificate should not affect signature scheme when using TLSv1.3

Details

Backports

Description

Attachments

Attachments

Issue Links

Activity

People

Dates