[JDK-8248128] TLSv1.2 and lower protocol handshake fails when using different key agreement curve than signature key - Java Bug System

XML

Word

Printable

Details

Type: Bug
Status: Open
Priority: P3
Resolution: Unresolved
Affects Version/s: 15
Fix Version/s: tbd
Component/s: security-libs
Labels:
- TLS-1.3

Subcomponent:
javax.net.ssl

Description

Explicitly provided key agreement group name fails for TLSv1.2 and below which is different from signature key.

Example failing test case (it works fine for TLSv1.3):
Protocol: "TLSv1.2"
KeyType: ecdsa_sha256 with Curve: prime256v1
Cipher: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"

System.setProperty("jdk.tls.namedGroups", "X25519"); // The same failure happens for ffdhe too.

Attachments

Activity

People

Assignee:: Sibabrata Sahoo

Reporter:: Sibabrata Sahoo

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2020-06-22 22:31

Updated:: 2021-11-08 02:00