JDK-8242417

For TLS mutual authentication, client certs are not getting sent to the server


      ADDITIONAL SYSTEM INFORMATION :
      This happened initially on Java 13 but I also tested the Java 15 with the same issue.

      A DESCRIPTION OF THE PROBLEM :
      We are using openssl to generate keys for TLS 1.3 communication. The handshake completes except the client certs are not sent to the server. This is because the key and cert use the ed25519 algorithm. The X509Authentication enum does not support this. I am not sure if there is a way to work around this.

      javax.net.ssl|WARNING|01|main|2020-03-31 14:43:13.232 EDT|CertificateMessage.java:1057|Unsupported authentication scheme: ed25519

      SSLAuthentication ka = X509Authentication.valueOf(ss);
      if (ka == null) {
          if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
              SSLLogger.warning(
                  "Unsupported authentication scheme: " + ss.name);
          }
          checkedKeyTypes.add(ss.keyAlgorithm);
          continue;
      }
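      A pre-flight check a practitioner can run against the client keystore before relying on mutual TLS, so that the silent "no client certificate sent" outcome described above is caught at deployment time rather than in a handshake trace. This is an added example and not code from the JDK or from the bug reporter; the class name, the PKCS12 keystore path and password taken from the command line are assumptions. The Ed25519 and Ed448 signature algorithm OIDs (1.3.101.112 and 1.3.101.113) are those assigned in RFC 8410; a JDK that lacks EdDSA support reports such certificates by dotted OID rather than by name, and may fail to load the private key at all, so both cases are reported as findings.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Set;

/**
 * Scans a client keystore for private-key entries whose key or certificate
 * chain uses EdDSA (Ed25519 / Ed448). Per JDK-8242417 such entries have no
 * X509Authentication mapping in the affected JDK versions, so the JDK client
 * omits them from the TLS 1.3 Certificate message instead of failing loudly.
 * Hypothetical checker class, not part of the JDK.
 */
public class ClientCertAlgorithmCheck {

    // Key algorithm names a JDK with EdDSA support reports for these keys.
    private static final Set<String> EDDSA_KEY_ALGS = Set.of("EdDSA", "Ed25519", "Ed448");
    // RFC 8410 signature algorithm OIDs: Ed25519 and Ed448. A JDK without
    // EdDSA support (e.g. JDK 13) surfaces the dotted OID instead of a name.
    private static final Set<String> EDDSA_SIG_OIDS = Set.of("1.3.101.112", "1.3.101.113");

    /** One finding per affected alias; an empty list means every client identity is usable. */
    public static List<String> findUnsupportedClientEntries(KeyStore ks, char[] keyPassword)
            throws GeneralSecurityException {
        List<String> findings = new ArrayList<>();
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-cert-only entries are never offered as client identities
            }
            try {
                Key key = ks.getKey(alias, keyPassword);
                if (key != null && EDDSA_KEY_ALGS.contains(key.getAlgorithm())) {
                    findings.add(alias + ": private key algorithm " + key.getAlgorithm()
                            + " has no X509Authentication mapping");
                }
            } catch (GeneralSecurityException e) {
                // A JDK with no EdDSA KeyFactory cannot decode the key at all.
                findings.add(alias + ": private key could not be loaded (" + e + ")");
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null) {
                continue;
            }
            for (Certificate c : chain) {
                if (!(c instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate x = (X509Certificate) c;
                String oid = x.getSigAlgOID();
                if (EDDSA_SIG_OIDS.contains(oid)
                        || EDDSA_KEY_ALGS.contains(x.getPublicKey().getAlgorithm())) {
                    findings.add(alias + ": certificate " + x.getSubjectX500Principal()
                            + " uses EdDSA (sigAlgOID " + oid + ")");
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) throws IOException, GeneralSecurityException {
        // Assumed usage: <keystore.p12> <password>; exit code 1 signals an affected identity.
        if (args.length != 2) {
            System.err.println("usage: ClientCertAlgorithmCheck <keystore.p12> <password>");
            System.exit(2);
        }
        char[] password = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        List<String> findings = findUnsupportedClientEntries(ks, password);
        if (findings.isEmpty()) {
            System.out.println("OK: no EdDSA client identities found");
            return;
        }
        findings.forEach(f -> System.out.println("WARN " + f));
        System.exit(1);
    }
}
```

      Running this in a deployment pipeline turns the `Unsupported authentication scheme: ed25519` handshake warning, which only appears with `-Djavax.net.debug=ssl,handshake` enabled, into a non-zero exit code before the client ever connects.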


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Use openssl to generate keys and certs with algorithm ed25519 and use these for TLS 1.3 mutual communication.

      openssl genpkey -out "ca.key.pem" -outform PEM -algorithm ed25519
      openssl pkey -in ca.key.pem -pubout -out ca.pubkey.pem

      # generate self-signed CA cert
      openssl req -config ca.cnf -keyform PEM -key ca.key.pem -new -x509 -days 7300 -out ca.cert.pem


      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      Expected the handshake to complete successfully
      ACTUAL -
      Server does not get the client certs.

      FREQUENCY : always


            wetmore Bradford Wetmore
            webbuggrp Webbug Group