RSA BSAFE Crypto-J JCE provider: "Server Hello" returns an unassigned named curve


I am using the RSA BSAFE Crypto-J 6.2 JCE provider in Java as an SSL/TLS server (in FIPS 140-compliant mode for SunJSSE).

When I use any key exchange mechanism based on an elliptic curve, the handshake fails when a browser (Firefox and Chrome) is used as the client.

In my specific case, I use TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. The "Client Hello" contains three named curves:

Elliptic curve: secp256r1 (0x0017)
Elliptic curve: secp384r1 (0x0018)
Elliptic curve: secp521r1 (0x0019)

The resulting Server Hello always comes back with an unassigned Named Curve (0xFFFF). As a result, the browser (Firefox) terminates the connection with an error: "sec_error_unsupported_elliptic_curve".

Does anyone know what I am doing wrong when configuring the server side?

This is a follow-up question to this question.

Edit 1

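Here is how I configure the HTTPS server (I used com.sun.net.httpserver.HttpsServer):

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsParameters;
import com.sun.net.httpserver.HttpsServer;

// address, enabledCipherSuites and enabledProtocols are defined elsewhere
HttpsServer httpsServer = HttpsServer.create(address, 1);
SSLContext sslContext = SSLContext.getInstance("TLS");

// keystore
char[] password = "******".toCharArray();
KeyStore ks = KeyStore.getInstance("PKCS12");
try (InputStream fis = new FileInputStream("mykeystore.p12")) {
    ks.load(fis, password);
}

// key manager factory
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, password);

// trust manager factory
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);

// HTTPS context
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());

httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
    @Override
    public void configure(HttpsParameters params) {
        try {
            SSLContext c = getSSLContext();
            params.setNeedClientAuth(false);

            // HttpsServer applies the SSLParameters object when one is set, so the
            // enabled suites and protocols are put on it instead of on params.
            SSLParameters sslParameters = c.getDefaultSSLParameters();
            sslParameters.setCipherSuites(enabledCipherSuites);
            sslParameters.setProtocols(enabledProtocols);
            params.setSSLParameters(sslParameters);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
});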

Here are the relevant changes in java.security:

...
com.rsa.cryptoj.fips140initialmode=FIPS140_SSL_MODE
...
security.provider.1=com.rsa.jsafe.provider.JsafeJCE
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider JsafeJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
...
keystore.type=pkcs12
...

In addition, I removed SunJCE from the provider list.

Edit 2

This is the Client Hello:

Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 129
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 125
            Version: TLS 1.0 (0x0301)
            Random
                GMT Unix Time: Aug 24, 2015 13:14:00.000000000 W. Europe Daylight Time
                Random Bytes: 33a17c871d7229ae33b9f62c99cfa79cb43e6b640efe18bc...
            Session ID Length: 0
            Cipher Suites Length: 58
            Cipher Suites (29 suites)
                Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
                Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
                Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
                Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
                Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
                Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
                Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
                Cipher Suite: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0xfeff)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
            Compression Methods Length: 1
            Compression Methods (1 method)
                Compression Method: null (0)
            Extensions Length: 26
            Extension: elliptic_curves
                Type: elliptic_curves (0x000a)
                Length: 8
                Elliptic Curves Length: 6
                Elliptic curves (3 curves)
                    Elliptic curve: secp256r1 (0x0017)
                    Elliptic curve: secp384r1 (0x0018)
                    Elliptic curve: secp521r1 (0x0019)
            Extension: ec_point_formats
                Type: ec_point_formats (0x000b)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
                    EC point format: uncompressed (0)
            Extension: SessionTicket TLS
                Type: SessionTicket TLS (0x0023)
                Length: 0
                Data (0 bytes)
            Extension: next_protocol_negotiation
                Type: next_protocol_negotiation (0x3374)
                Length: 0

... and here is the corresponding Server Hello:

Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 1762
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 77
            Version: TLS 1.0 (0x0301)
            Random
                GMT Unix Time: Aug 24, 2015 13:12:33.000000000 W. Europe Daylight Time
                Random Bytes: 92d7f2c34202efa7d32934f37fe743795d66c23fe4d75720...
            Session ID Length: 32
            Session ID: 55dafc214d42a0c024fd6770ba008cfedb03b129a0c12cae...
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
            Compression Method: null (0)
            Extensions Length: 5
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 1342
            Certificates Length: 1339
            Certificates (1339 bytes)
                Certificate Length: 811
                Certificate (id-at-countryName=DE,id-at-stateOrProvinceName=BW,id-at-localityName=*************,id-at-organizationName=******************,id-at-organizationalUnitName=***************,id-at-commonName=****************)
                Certificate Length: 522
                Certificate (id-at-commonName=swdevbbn)
        Handshake Protocol: Server Key Exchange
            Handshake Type: Server Key Exchange (12)
            Length: 327
            EC Diffie-Hellman Server Params
                Curve Type: named_curve (0x03)
                Named Curve: Unknown (0xffff)
                Pubkey Length: 65
                Pubkey: 04d7477d158ae38a62576e93b5a0b681494c4f6467ada53f...
                Signature Length: 256
                Signature: 4b415df019b2e0119778e3418d7a890753dd6552253367ed...
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
    
asked by Cris 21.08.2015 - 14:03
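
The mismatch visible in the two captures can be checked mechanically. The following is an added example, not part of the original post: it parses the ClientHello elliptic_curves extension body and the ServerECDHParams at the start of a ServerKeyExchange, then verifies that the server's named curve was offered by the client. The function names and the sample byte strings are assumptions made for illustration; the field values follow the capture, and the public point is a zero-filled placeholder because the capture truncates the real one.

```python
import struct

# Named curves (RFC 4492, section 5.1.1) that appear in the capture above.
NAMED_CURVES = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x0019: "secp521r1"}


def parse_supported_curves(ext_data):
    """Parse the body of the ClientHello elliptic_curves (0x000a) extension."""
    if len(ext_data) < 2:
        raise ValueError("extension too short")
    (list_len,) = struct.unpack_from("!H", ext_data, 0)
    if list_len % 2 or list_len != len(ext_data) - 2:
        raise ValueError("bad curve list length")
    return [c for (c,) in struct.iter_unpack("!H", ext_data[2:])]


def parse_server_ecdh_params(ske_body):
    """Parse ServerECDHParams at the start of a ServerKeyExchange body.

    Only curve_type named_curve (3) is handled; returns (curve_id, point).
    """
    if len(ske_body) < 4:
        raise ValueError("ServerKeyExchange too short")
    curve_type, curve_id, point_len = struct.unpack_from("!BHB", ske_body, 0)
    if curve_type != 3:
        raise ValueError("unsupported curve_type %d" % curve_type)
    point = ske_body[4:4 + point_len]
    if len(point) != point_len:
        raise ValueError("truncated public point")
    return curve_id, point


def check_curve_negotiation(client_ext, ske_body):
    """Report whether the server's curve is one the client offered."""
    offered = parse_supported_curves(client_ext)
    curve_id, _ = parse_server_ecdh_params(ske_body)
    name = NAMED_CURVES.get(curve_id, "unknown")
    if curve_id not in offered:
        return "MISMATCH: server chose 0x%04x (%s), not offered" % (curve_id, name)
    return "OK: server chose 0x%04x (%s)" % (curve_id, name)


# Constructed samples (not bytes copied from the capture).
CLIENT_EXT = bytes.fromhex("0006" "0017" "0018" "0019")
SKE_BAD = bytes.fromhex("03" "ffff" "41") + b"\x04" + bytes(64)
SKE_GOOD = bytes.fromhex("03" "0017" "41") + b"\x04" + bytes(64)

if __name__ == "__main__":
    print(check_curve_negotiation(CLIENT_EXT, SKE_BAD))
    print(check_curve_negotiation(CLIENT_EXT, SKE_GOOD))
```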

1 answer


The problem described here has been fixed with the RSA BSAFE Crypto-J 6.2.1 JCE provider.

    
answered by Cris 03.03.2016 - 12:32