JDK-8225766

Curve in certificate should not affect signature scheme when using TLSv1.3

    Details

    • Resolved In Build:
      b27
    • Verification:
      Verified

        Description

        In TLSv1.3, the signature schemes are listed by the signature_algorithms extension.
        The scheme selection would not be affected by the curve in the certificate.

        For example, the key store contains only one ECDSA certificate, which uses the secp256r1 curve, and the supported_groups extension contains only secp521r1.

        In the JSSE logs, ClientHello lists this extension as below:
            "signature_algorithms (13)": {
              "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
            },

        But when trying to produce the Certificate message, it raises errors:
        CertificateMessage.java:1062|Unavailable authentication scheme: ecdsa_secp256r1_sha256
        ...
        CertificateMessage.java:1062|Unavailable authentication scheme: ecdsa_secp521r1_sha512
        ...
        javax.net.ssl|ERROR|0C|MainThread|2019-06-14 11:01:39.752 CST|TransportContext.java:312|Fatal (HANDSHAKE_FAILURE): No available authentication scheme (
        "throwable" : {
          javax.net.ssl.SSLHandshakeException: No available authentication scheme
           at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
           at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
           at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
           at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
           at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:254)
           at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:951)
           at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:940)
           at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436)
           at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1225)
           at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1161)
           at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:852)
           at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:813)
           at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
           at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
           at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
           at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
           at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
           at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1383)
           at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1291)
           at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:436)
           at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:806)
           at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:897)
           at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:857)
           at SSLSocketTemplate.runServerApplication(SSLSocketTemplate.java:93)
           at SSLSocketTemplate.doServerSide(SSLSocketTemplate.java:275)
           at SSLSocketTemplate.startServer(SSLSocketTemplate.java:644)
           at SSLSocketTemplate.bootup(SSLSocketTemplate.java:558)
           at SSLSocketTemplate.run(SSLSocketTemplate.java:82)
                ...
        )

        I suppose scheme ecdsa_secp256r1_sha256 could be selected.

        In fact, if supported_groups contains secp256r1 only, the CertificateVerify message selects ecdsa_secp256r1_sha256.
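
A log-triage sketch for the failure pattern described in this report, added here as an example and not part of the original issue or the JDK code base: it parses JSSE debug output and flags a handshake where the scheme matching the certificate's curve was offered by the peer but still logged as unavailable. The function names, verdict labels and the shortened sample log are assumptions made for the example.

```python
import re

# RFC 8446: each TLS 1.3 ECDSA signature scheme is bound to exactly one curve.
TLS13_ECDSA_SCHEME = {
    "secp256r1": "ecdsa_secp256r1_sha256",
    "secp384r1": "ecdsa_secp384r1_sha384",
    "secp521r1": "ecdsa_secp521r1_sha512",
}

# Constructed sample built from the JSSE debug lines quoted in the report
# (scheme list shortened, elided lines dropped).
SAMPLE_LOG = """\
"signature_algorithms (13)": {
  "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256]
},
CertificateMessage.java:1062|Unavailable authentication scheme: ecdsa_secp256r1_sha256
CertificateMessage.java:1062|Unavailable authentication scheme: ecdsa_secp521r1_sha512
javax.net.ssl|ERROR|0C|MainThread|2019-06-14 11:01:39.752 CST|TransportContext.java:312|Fatal (HANDSHAKE_FAILURE): No available authentication scheme (
"""

def parse_jsse_log(text):
    """Extract offered schemes, rejected schemes and the fatal alert from a JSSE debug log."""
    # Only the first "signature schemes" list in the log is read.
    m = re.search(r'"signature schemes"\s*:\s*\[([^\]]*)\]', text)
    offered = [s.strip() for s in m.group(1).split(",") if s.strip()] if m else []
    rejected = re.findall(r"Unavailable authentication scheme:\s*(\S+)", text)
    fatal = "No available authentication scheme" in text
    return {"offered": offered, "rejected": rejected, "fatal": fatal}

def triage(text, cert_curve):
    """Classify a TLSv1.3 handshake log for a server holding one ECDSA cert on cert_curve."""
    needed = TLS13_ECDSA_SCHEME.get(cert_curve)
    if needed is None:
        return "unknown-curve"
    log = parse_jsse_log(text)
    if needed not in log["offered"]:
        return "scheme-not-offered"    # peer did not list the scheme for this certificate
    if needed in log["rejected"] and log["fatal"]:
        return "offered-but-rejected"  # the pattern this report describes
    return "no-match"

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "secp256r1"))
```

An "offered-but-rejected" verdict means the peer's signature_algorithms list was not the reason the handshake failed, so the local group and curve configuration is the next thing to check.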

                People

                • Assignee:
                  xuelei Xue-Lei Fan
                  Reporter:
                  jjiang John Jiang