RSA BSAFE Crypto-J JCE provider - "Server Hello" returns an unassigned named curve

2

I am using the RSA BSAFE Crypto-J 6.2 JCE provider in Java as an SSL/TLS server (in FIPS 140 compliant mode for SunJSSE).

When I use a key exchange mechanism based on an elliptic curve, the handshake fails when a browser (Firefox and Chrome) is used as the client.

In my specific case I use TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. The "Client Hello" contains three named curves:

Elliptic curve: secp256r1 (0x0017)
Elliptic curve: secp384r1 (0x0018)
Elliptic curve: secp521r1 (0x0019)

The resulting Server Hello always comes back with an unassigned named curve (0xFFFF). As a result the browser (Firefox) terminates the connection with the error "sec_error_unsupported_elliptic_curve".

Does anyone know what I am doing wrong in the server configuration?

- This is a follow-up to this question

Edit 1

Here is how I configured the HTTPS server (I used com.sun.net.httpserver.HttpsServer):

HttpsServer httpsServer = HttpsServer.create(address, 1);
SSLContext sslContext = SSLContext.getInstance("TLS");

// keystore
char[] password = "******".toCharArray();
KeyStore ks = KeyStore.getInstance("PKCS12");
FileInputStream fis = new FileInputStream("mykeystore.p12");
ks.load(fis, password);

// key manager factory
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, password);

// trust manager factory
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);

// HTTPS context
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());

httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
    public void configure(HttpsParameters params) {
        try {
            SSLContext c = getSSLContext();
            SSLEngine engine = c.createSSLEngine();
            params.setNeedClientAuth(false);

            params.setCipherSuites(enabledCipherSuites);
            params.setProtocols(enabledProtocols);

            SSLParameters defaultSSLParameters = c.getDefaultSSLParameters();
            params.setSSLParameters(defaultSSLParameters);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
});

Here are the relevant changes in java.security:

...
com.rsa.cryptoj.fips140initialmode=FIPS140_SSL_MODE
...
security.provider.1=com.rsa.jsafe.provider.JsafeJCE
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider JsafeJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
...
keystore.type=pkcs12
...

I also removed SunJCE from the provider list.

Edit 2

This is the Client Hello

Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 129
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 125
            Version: TLS 1.0 (0x0301)
            Random
                GMT Unix Time: Aug 24, 2015 13:14:00.000000000 W. Europe Daylight Time
                Random Bytes: 33a17c871d7229ae33b9f62c99cfa79cb43e6b640efe18bc...
            Session ID Length: 0
            Cipher Suites Length: 58
            Cipher Suites (29 suites)
                Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
                Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
                Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
                Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
                Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
                Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
                Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
                Cipher Suite: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0xfeff)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
            Compression Methods Length: 1
            Compression Methods (1 method)
                Compression Method: null (0)
            Extensions Length: 26
            Extension: elliptic_curves
                Type: elliptic_curves (0x000a)
                Length: 8
                Elliptic Curves Length: 6
                Elliptic curves (3 curves)
                    Elliptic curve: secp256r1 (0x0017)
                    Elliptic curve: secp384r1 (0x0018)
                    Elliptic curve: secp521r1 (0x0019)
            Extension: ec_point_formats
                Type: ec_point_formats (0x000b)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
                    EC point format: uncompressed (0)
            Extension: SessionTicket TLS
                Type: SessionTicket TLS (0x0023)
                Length: 0
                Data (0 bytes)
            Extension: next_protocol_negotiation
                Type: next_protocol_negotiation (0x3374)
                Length: 0

... and here is the corresponding Server Hello

Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 1762
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 77
            Version: TLS 1.0 (0x0301)
            Random
                GMT Unix Time: Aug 24, 2015 13:12:33.000000000 W. Europe Daylight Time
                Random Bytes: 92d7f2c34202efa7d32934f37fe743795d66c23fe4d75720...
            Session ID Length: 32
            Session ID: 55dafc214d42a0c024fd6770ba008cfedb03b129a0c12cae...
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
            Compression Method: null (0)
            Extensions Length: 5
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 1342
            Certificates Length: 1339
            Certificates (1339 bytes)
                Certificate Length: 811
                Certificate (id-at-countryName=DE,id-at-stateOrProvinceName=BW,id-at-localityName=*************,id-at-organizationName=******************,id-at-organizationalUnitName=***************,id-at-commonName=****************)
                Certificate Length: 522
                Certificate (id-at-commonName=swdevbbn)
        Handshake Protocol: Server Key Exchange
            Handshake Type: Server Key Exchange (12)
            Length: 327
            EC Diffie-Hellman Server Params
                Curve Type: named_curve (0x03)
                Named Curve: Unknown (0xffff)
                Pubkey Length: 65
                Pubkey: 04d7477d158ae38a62576e93b5a0b681494c4f6467ada53f...
                Signature Length: 256
                Signature: 4b415df019b2e0119778e3418d7a890753dd6552253367ed...
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
    
asked by Cris 21.08.2015 - 14:03

1 answer

1

The problem described here was fixed in the RSA BSAFE Crypto-J 6.2.1 JCE provider.

    
answered 03.03.2016 - 12:32
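
Added example (not part of the original question or answer, and not RSA BSAFE or JSSE code): a Python check that parses the elliptic_curves extension body and the EC parameters at the start of a Server Key Exchange, then judges the server's named curve as a strict client would, which is useful for confirming from a capture that an upgraded server now names a curve the client offered. Function names are assumptions; the sample bytes are constructed from the field values in the captures above, with zero placeholders for the truncated public key.

```python
import struct

# Curves offered in the page's Client Hello (IANA names for the code points).
NAMED_CURVES = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x0019: "secp521r1"}
COORD_BYTES = {0x0017: 32, 0x0018: 48, 0x0019: 66}  # coordinate size per curve
NAMED_CURVE_TYPE = 0x03   # ECCurveType named_curve (RFC 4492)
UNCOMPRESSED = 0x04       # first byte of an uncompressed EC point


def parse_offered_curves(ext_data):
    """Parse the body of the ClientHello elliptic_curves (0x000a) extension."""
    if len(ext_data) < 2:
        raise ValueError("extension too short")
    (list_len,) = struct.unpack_from("!H", ext_data, 0)
    if list_len % 2 or list_len != len(ext_data) - 2:
        raise ValueError("bad curve list length")
    return list(struct.unpack_from("!%dH" % (list_len // 2), ext_data, 2))


def parse_server_ecdh_params(ske_body):
    """Return (curve_id, public_point) from the start of a ServerKeyExchange body."""
    if len(ske_body) < 4:
        raise ValueError("ServerKeyExchange too short")
    curve_type, curve_id, point_len = struct.unpack_from("!BHB", ske_body, 0)
    if curve_type != NAMED_CURVE_TYPE:
        raise ValueError("curve type 0x%02x is not named_curve" % curve_type)
    point = ske_body[4:4 + point_len]
    if len(point) != point_len:
        raise ValueError("truncated public point")
    return curve_id, point


def check_server_curve(offered, ske_body):
    """Return (ok, reason), judging the server's curve as a strict client would."""
    curve_id, point = parse_server_ecdh_params(ske_body)
    if curve_id not in offered:
        return False, "curve 0x%04x was not offered by the client" % curve_id
    size = COORD_BYTES.get(curve_id)
    if size and (point[:1] != bytes([UNCOMPRESSED]) or len(point) != 1 + 2 * size):
        return False, "point length %d does not fit %s" % (len(point), NAMED_CURVES[curve_id])
    return True, NAMED_CURVES.get(curve_id, "0x%04x" % curve_id)


# Constructed sample bytes: field values are taken from the captures on the page;
# the 64 coordinate bytes are zero placeholders (the capture truncates the key).
CLIENT_EXT = bytes.fromhex("0006001700180019")
POINT = b"\x04" + bytes(64)
SKE_BROKEN = bytes.fromhex("03ffff41") + POINT    # Named Curve: Unknown (0xffff)
SKE_EXPECTED = bytes.fromhex("03001741") + POINT  # constructed: same point, secp256r1 id
```

The 65-byte uncompressed point in the capture has 32-byte coordinates, which is the size a 256-bit curve produces, so the check accepts the same point once it is labelled with an offered identifier of matching size.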