Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8263188

JSSE should fail fast if there isn't supported signature algorithm

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: 16, 17
    • Fix Version/s: 17
    • Component/s: security-libs

      Description

      signature_algorithms extension is present, but the algorithms are unreconginzed or unsupported, JSSE peers should send fatal alert immediately.
      For example, in this case, it's unnecssary to try to produce ServerHello, Certificate and ServerKeyExchange messages.

      javax.net.ssl|ERROR|10|main|2021-03-08 22:36:08.645 CST|TransportContext.java:361|Fatal (INTERNAL_ERROR): No supported signature algorithm for RSA key (
      "throwable" : {
        javax.net.ssl.SSLException: No supported signature algorithm for RSA key
         at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
         at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
         at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356)
         at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
         at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:303)
         at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeMessage.<init>(DHServerKeyExchange.java:137)
         at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeProducer.produce(DHServerKeyExchange.java:481)
         at java.base/sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1120)
         at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:853)
         at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:812)
         at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
         at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
         at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
         at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:199)
         at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
         at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1501)
         at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1415)
         at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450)
         at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:915)
         at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:1006)
         at java.base/java.io.InputStream.read(InputStream.java:218)
         at com.tencent.tls.Utils.readIn(Utils.java:166)
         at com.tencent.tls.JdkServer.acceptNoEx(JdkServer.java:107)
         at com.tencent.tls.TlsServer.main(TlsServer.java:74)}

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jjiang John Jiang
              Reporter:
              jjiang John Jiang
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: