JDK-8242417

For TLS mutual authentication, client certs are not getting sent to the server

Details

    Description

      ADDITIONAL SYSTEM INFORMATION :
      This happened initially on Java 13 but I also tested Java 15 with the same issue.

      A DESCRIPTION OF THE PROBLEM :
      We are using openssl to generate keys for TLS 1.3 communication. The handshake completes except the client certs are not sent to the server. This is because the key and cert use the ed25519 algorithm. The X509Authentication enum does not support this. I am not sure if there is a way to work around this.

      javax.net.ssl|WARNING|01|main|2020-03-31 14:43:13.232 EDT|CertificateMessage.java:1057|Unsupported authentication scheme: ed25519

                      SSLAuthentication ka = X509Authentication.valueOf(ss);
                      if (ka == null) {
                          if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                              SSLLogger.warning(
                                  "Unsupported authentication scheme: " + ss.name);
                          }
                          checkedKeyTypes.add(ss.keyAlgorithm);
                          continue;
                      }


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Use openssl to generate keys and certs with the ed25519 algorithm and use these for TLS 1.3 mutual communication.

      openssl genpkey -out "ca.key.pem" -outform PEM -algorithm ed25519
      openssl pkey -in ca.key.pem -pubout -out ca.pubkey.pem

      # generate self-signed CA cert
      openssl req -config ca.cnf -keyform PEM -key ca.key.pem -new -x509 -days 7300 -out ca.cert.pem


      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      Expected the handshake to complete successfully
      ACTUAL -
      Server does not get the client certs.

      FREQUENCY : always
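
Added example, not part of the original report or the JDK: a shell function that summarises the `Unsupported authentication scheme` warnings in a `javax.net.debug` log, so a skipped client-certificate key type shows up in a check rather than only as a missing certificate on the server. The pipe-delimited field layout is assumed from the single log line quoted in the report; the function names and the sample log are constructed.

```shell
#!/bin/sh
# Assumed field layout, taken from the one log line in the report:
#   logger|level|thread id|thread name|timestamp|source|message

# Reads a debug log on stdin and prints one line per skipped scheme:
#   <scheme> <count> <first source location>
unsupported_schemes() {
    awk -F'|' '
        $2 == "WARNING" && $7 ~ /^Unsupported authentication scheme: / {
            scheme = $7
            sub(/^Unsupported authentication scheme: /, "", scheme)
            sub(/[ \t\r]+$/, "", scheme)          # tolerate CRLF logs
            if (!(scheme in count)) first[scheme] = $6
            count[scheme]++
        }
        END {
            for (s in count) printf "%s %d %s\n", s, count[s], first[s]
        }
    ' | sort
}

# Exit status 0 if the log on stdin shows at least one skipped scheme,
# 1 otherwise, so it can gate a deployment check.
has_skipped_scheme() {
    [ -n "$(unsupported_schemes)" ]
}

# Constructed sample log: the first line is the one quoted in the report,
# the remaining lines are made up to exercise the parser.
sample_log() {
    cat <<'EOF'
javax.net.ssl|WARNING|01|main|2020-03-31 14:43:13.232 EDT|CertificateMessage.java:1057|Unsupported authentication scheme: ed25519
javax.net.ssl|DEBUG|01|main|2020-03-31 14:43:13.240 EDT|CertificateMessage.java:1100|constructed debug line
javax.net.ssl|WARNING|01|main|2020-03-31 14:43:14.001 EDT|CertificateMessage.java:1057|Unsupported authentication scheme: ed25519
javax.net.ssl|WARNING|01|main|2020-03-31 14:43:14.002 EDT|CertificateMessage.java:1057|Unsupported authentication scheme: ed448
EOF
}

sample_log | unsupported_schemes
```

Run the client with `-Djavax.net.debug=ssl,handshake`, the categories checked in the quoted code, and pipe the captured output into `unsupported_schemes`.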


            People

              wetmore Bradford Wetmore
              webbuggrp Webbug Group