Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Fix
Priority: P3
Fix Version/s: None
Affects Version/s: 15
Component/s: security-libs
Labels:
None

Subcomponent:
javax.net.ssl

Description

Protocol: TLSv1.1
Cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Certificate: SHA256withDSA with key size 2048

The above simple TLS handshaking case failed with the below error,
Caused by: javax.net.ssl.SSLException: Unsupported signature algorithm: DSA
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:327)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:270)
at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeMessage.<init>(DHServerKeyExchange.java:154)
at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeProducer.produce(DHServerKeyExchange.java:487)
at java.base/sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1101)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:851)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:810)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:451)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:428)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:184)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:716)
at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:799)
at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:758)
at SSLSocketTemplate.runServerApplication(SSLSocketTemplate.java:99)
at SSLSocketTemplate.doServerSide(SSLSocketTemplate.java:288)
at SSLSocketTemplate.startServer(SSLSocketTemplate.java:592)
at SSLSocketTemplate.bootup(SSLSocketTemplate.java:506)
... 2 more
Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
at java.base/sun.security.provider.DSA.checkKey(DSA.java:124)
at java.base/sun.security.provider.DSA.engineInitSign(DSA.java:156)
at java.base/java.security.Signature$Delegate.tryOperation(Signature.java:1306)
at java.base/java.security.Signature$Delegate.chooseProvider(Signature.java:1255)
at java.base/java.security.Signature$Delegate.engineInitSign(Signature.java:1352)
at java.base/java.security.Signature.initSign(Signature.java:634)
at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeMessage.getSignature(DHServerKeyExchange.java:441)
at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeMessage.<init>(DHServerKeyExchange.java:150)

This case also failed with SSLv3 and TLSv1, but passed with TLSv1.2.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

SSLSocketTemplate.java
53 kB
2020-04-16 02:06

Issue Links

relates to

JDK-8243558 JDK Provider Guide should document that DSA signature generation is now subject to a key strength check

Resolved

JDK-8243549 sun/security/ssl/CipherSuite/NamedGroupsWithCipherSuite.java failed with Unsupported signature algorithm: DSA

Resolved

Activity

People

Assignee:: Xuelei Fan

Reporter:: John Jiang

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2020-04-16 02:00

Updated:: 2020-04-24 06:21

Resolved:: 2020-04-23 16:48