Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8248128

TLSv1.2 and lower protocol handshake fails when using different key agreement curve than signature key

    XMLWordPrintable

Details

    • Bug
    • Status: Open
    • P3
    • Resolution: Unresolved
    • 15
    • tbd
    • security-libs

    Description

      Explicitly provided key agreement group name fails for TLSv1.2 and below which is different from signature key.

      Example failing test case (it works fine for TLSv1.3):
      Protocol: "TLSv1.2"
      KeyType: ecdsa_sha256 with Curve: prime256v1
      Cipher: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"

      System.setProperty("jdk.tls.namedGroups", "X25519"); // The same failure happens for ffdhe too.

      Attachments

        Activity

          People

            ssahoo Sibabrata Sahoo
            ssahoo Sibabrata Sahoo
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: