JDK-7009780

Neither SHA 1 nor SHA 256 certs work with two way SSL option: client cert reqstd/not enfrcd

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2
    • Resolution: Not an Issue
    • Affects Version/s: 6u23
    • Fix Version/s: 6u25
    • Component/s: security-libs

        Description

        The customer is using WebLogic 10.3.3 with Oracle JRockit(R) (build R28.0.0-679-130297-1.6.0_17-20100312-2128-linux-ia32, compiled mode) or Sun JDK 1.6_23.

        The customer has configured two way SSL with the option “Client cert requested but not enforced”

        This is because there are two types of customers in his application:

        a) Users presenting client certificates.
        b) Users using form based authentication.
        The application is designed in such a way that if users do not present client certificates, they default to form based authentication.

        Note: Not all the users have credentials to log in through form based authentication (only type B users have).

        So type A users will present a certificate, and if they have a certificate then they will be authenticated.

        And type B users will not have certificates and hence they will default to form based authentication, where they will enter their credentials and be authenticated.

        Hence the Option “client cert enabled but not enforced”

        Issue:

        - Now the users presenting the client cert with SHA 256 were not accepted.

        - Hence we suggested that the customer use the JSSE implementation instead of Certicom.

        - The JSSE implementation works correctly with the two way SSL “client cert requested and enforced” option.

        - The customer cannot use this since they have ‘b’ type users who do not present a client certificate.

        - So the only option left is two way SSL with the option “client cert requested and not enforced”

        - And, neither the SHA 1 nor SHA 256 certificates work with two way SSL option “client cert requested and not enforced”

        - I think there is an issue with the JSSE implementation for this particular two way SSL option.
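
The two modes discussed in the report, shown with plain JSSE as an added example (not code from the bug report, WebLogic, or the JDK). It assumes that WebLogic's "requested but not enforced" option corresponds to JSSE's `wantClientAuth` and "requested and enforced" to `needClientAuth`; the class and method names are hypothetical.

```java
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Added illustration; OptionalClientAuth and its methods are hypothetical names.
public class OptionalClientAuth {

    // "Requested but not enforced" (assumed mapping): the server asks for a
    // certificate, and the handshake continues if the client sends none.
    static SSLParameters requestedNotEnforced(SSLContext ctx) {
        SSLParameters p = ctx.getDefaultSSLParameters();
        p.setWantClientAuth(true);   // also clears needClientAuth
        return p;
    }

    // "Requested and enforced" (assumed mapping): no certificate, no session.
    static SSLParameters requestedAndEnforced(SSLContext ctx) {
        SSLParameters p = ctx.getDefaultSSLParameters();
        p.setNeedClientAuth(true);   // also clears wantClientAuth
        return p;
    }

    // After the handshake: type A users have a verified peer chain,
    // type B users have none and are sent to the login form.
    static String authPath(SSLSession session) {
        try {
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            return "certificate:" + leaf.getSubjectX500Principal().getName();
        } catch (SSLPeerUnverifiedException noClientCert) {
            return "form-login";
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);                  // act as the server side

        engine.setSSLParameters(requestedNotEnforced(ctx));
        System.out.println("want=" + engine.getWantClientAuth()
                + " need=" + engine.getNeedClientAuth());
        engine.setSSLParameters(requestedAndEnforced(ctx));
        System.out.println("want=" + engine.getWantClientAuth()
                + " need=" + engine.getNeedClientAuth());
        // No handshake has run on this engine, so there is no peer identity yet.
        System.out.println(authPath(engine.getSession()));
    }
}
```

In JSSE, `wantClientAuth` only makes an absent certificate acceptable; a certificate that the client does present is still validated by the server's trust manager.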

                People

                • Assignee: Bradford Wetmore (wetmore)
                • Reporter: Mary Mccarthy (mhmccart)