- Bug
- Resolution: Fixed
- P4
- 23
- None
In order to establish TLS connections while operating in FIPS mode, the following cryptographic providers are enabled:
1. SunPKCS11 (with a back-end that operates in FIPS mode, such as NSS)
2. SUN
3. SunJSSE
All other security providers are disabled.
With that configuration, no named groups are offered in the ClientHello, and only a limited selection of signature algorithms is offered:
```
"signature_algorithms (13)": {
"signature schemes": [rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, rsa_sha224, dsa_sha224, rsa_pkcs1_sha1, dsa_sha1]
},
```
SunPKCS11 should be able to support at least EC, FFDHE, and RSASSA-PSS; XDH support is not yet implemented.
The debug logs (-Djavax.net.debug=all) offer some insights:
```
NamedGroup.java:278|No AlgorithmParameters for ffdhe2048 (
"throwable" : {
java.security.NoSuchAlgorithmException: DiffieHellman AlgorithmParameters not available
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.base/java.security.Security.getImpl(Security.java:658)
at java.base/java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:157)
at java.base/sun.security.ssl.NamedGroup.<init>(NamedGroup.java:271)
at java.base/sun.security.ssl.NamedGroup.<clinit>(NamedGroup.java:199)
SignatureScheme.java:209|RSASSA-PSS signature with SHA-256 is not supported by the underlying providers (
"throwable" : {
java.lang.RuntimeException: java.security.NoSuchAlgorithmException: RSASSA-PSS AlgorithmParameters not available
at jdk.crypto.cryptoki/sun.security.pkcs11.P11PSSSignature.engineGetParameters(P11PSSSignature.java:783)
at java.base/java.security.Signature$Delegate.engineGetParameters(Signature.java:1459)
at java.base/java.security.Signature.getParameters(Signature.java:1030)
at java.base/sun.security.ssl.SignatureScheme$SigAlgParamSpec.<init>(SignatureScheme.java:203)
at java.base/sun.security.ssl.SignatureScheme$SigAlgParamSpec.<clinit>(SignatureScheme.java:184)
at java.base/sun.security.ssl.SignatureScheme.<clinit>(SignatureScheme.java:78)
...
Caused by: java.security.NoSuchAlgorithmException: RSASSA-PSS AlgorithmParameters not available
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.base/java.security.Security.getImpl(Security.java:658)
at java.base/java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:157)
at jdk.crypto.cryptoki/sun.security.pkcs11.P11PSSSignature.engineGetParameters(P11PSSSignature.java:779)
... 20 more
```
The reason for EC unavailability is not logged anywhere by default, but with some extra logging we get:
```
java.lang.RuntimeException: Cannot load SunEC provider
at jdk.crypto.cryptoki/sun.security.pkcs11.P11ECKeyFactory.getSunECProvider(P11ECKeyFactory.java:55)
at jdk.crypto.cryptoki/sun.security.pkcs11.P11ECKeyFactory.getECParameterSpec(P11ECKeyFactory.java:71)
at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyPairGenerator.initialize(P11KeyPairGenerator.java:158)
at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyPairGenerator.<init>(P11KeyPairGenerator.java:144)
at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$P11Service.newInstance0(SunPKCS11.java:1458)
at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$P11Service.newInstance(SunPKCS11.java:1423)
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at java.base/java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:246)
at java.base/sun.security.ssl.JsseJce$EcAvailability.<clinit>(JsseJce.java:172)
at java.base/sun.security.ssl.JsseJce.isEcAvailable(JsseJce.java:131)
```
RSASSA-PSS and DiffieHellman can be easily fixed by registering their AlgorithmParameters in the SunPKCS11 provider. EC might need some extra effort.
To reproduce:
Use the existing FipsModeTLS12.java test (requires NSS), change TLSv1.2 to TLSv1.3 in `SSLContext.getInstance("TLSv1.2", "SunJSSE");`, add logging. TLS 1.3 doesn't work in this configuration yet (next hurdle is JDK-8278640), but the ClientHello is produced without any problems.
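The lookups that fail in the traces above can be probed directly against whatever provider list a JVM is running with. This is an added example, not code from the JDK or from this report: the class name `JsseLookupProbe` is hypothetical, and since no NSS-backed SunPKCS11 is configured here, it reproduces only the missing-service condition by removing every provider except SUN and SunJSSE (and any SunPKCS11 instance already registered).

```java
import java.security.AlgorithmParameters;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Set;

public class JsseLookupProbe {
    // Provider names taken from the report; SunPKCS11 instances are kept if present.
    static final Set<String> KEEP = Set.of("SUN", "SunJSSE");

    // Same lookup that NamedGroup and P11PSSSignature perform in the traces.
    static String algParams(String alg) {
        try {
            return AlgorithmParameters.getInstance(alg).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return "MISSING (" + e.getMessage() + ")";
        }
    }

    // Same lookup that JsseJce$EcAvailability performs in the EC trace.
    static String keyPairGen(String alg) {
        try {
            return KeyPairGenerator.getInstance(alg).getProvider().getName();
        } catch (NoSuchAlgorithmException | RuntimeException e) {
            return "MISSING (" + e + ")";
        }
    }

    static void report(String label) {
        System.out.println("== " + label + " ==");
        for (String alg : new String[] {"DiffieHellman", "RSASSA-PSS", "EC"}) {
            System.out.println("AlgorithmParameters " + alg + " -> " + algParams(alg));
        }
        System.out.println("KeyPairGenerator EC -> " + keyPairGen("EC"));
    }

    public static void main(String[] args) {
        report("default providers");
        // Security.getProviders() returns a copy, so removing while iterating is safe.
        for (Provider p : Security.getProviders()) {
            if (!KEEP.contains(p.getName()) && !p.getName().startsWith("SunPKCS11")) {
                Security.removeProvider(p.getName());
            }
        }
        report("restricted providers");
    }
}
```

Run it with `java JsseLookupProbe.java`; in a deployment that already uses the restricted provider list, calling `report` alone shows which of the lookups the configured SunPKCS11 back end can satisfy.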