[jboss-jira] [JBoss JIRA] (WFCORE-3750) Revisit default DSA algorithm for generate-key-pair operation

Martin Choma (JIRA) issues at jboss.org
Tue Apr 17 03:19:00 EDT 2018


Martin Choma created WFCORE-3750:
------------------------------------

             Summary: Revisit default DSA algorithm for generate-key-pair operation
                 Key: WFCORE-3750
                 URL: https://issues.jboss.org/browse/WFCORE-3750
             Project: WildFly Core
          Issue Type: Bug
          Components: Security
    Affects Versions: 5.0.0.Alpha2
            Reporter: Martin Choma
            Assignee: Darran Lofthouse


The generate-key-pair operation uses DSA as the default algorithm. I am unable to connect to such SSL with Firefox or Chrome ("no cipher suite in common"). With an RSA private key it works. Can we revisit the default?

Can we add default information into the model description (algorithm)? In such a case it would be best if defaults were specified at the subsystem level rather than relying on Elytron library defaults.
I was also thinking about key-size and signature-algorithm, but realized these parameters are computed dynamically based on the chosen algorithm.

{code:title=TLS.handshake}
08:19:21,479 INFO  [stdout] (management task-1) *** ClientHello, TLSv1.2
08:19:21,480 INFO  [stdout] (management task-1) RandomCookie:  GMT: -151315060 bytes = { 149, 83, 32, 135, 156, 106, 80, 46, 117, 158, 131, 177, 174, 235, 90, 7, 124, 236, 42, 183, 158, 180, 151, 31, 121, 146, 31, 146 }
08:19:21,480 INFO  [stdout] (management task-1) Session ID:  {}
08:19:21,480 INFO  [stdout] (management task-1) Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
08:19:21,480 INFO  [stdout] (management task-1) Compression Methods:  { 0 }
08:19:21,480 INFO  [stdout] (management task-1) Extension server_name, server_name: [type=host_name (0), value=localhost]
08:19:21,480 INFO  [stdout] (management task-1) Extension extended_master_secret
08:19:21,480 INFO  [stdout] (management task-1) Extension renegotiation_info, renegotiated_connection: <empty>
08:19:21,480 INFO  [stdout] (management task-1) Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1, secp521r1}
08:19:21,480 INFO  [stdout] (management task-1) Extension ec_point_formats, formats: [uncompressed]
08:19:21,480 INFO  [stdout] (management task-1) Unsupported extension type_35, data: 
08:19:21,480 INFO  [stdout] (management task-1) Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
08:19:21,480 INFO  [stdout] (management task-1) Unsupported extension status_request, data: 01:00:00:00:00
08:19:21,480 INFO  [stdout] (management task-1) Extension signature_algorithms, signature_algorithms: SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, Unknown (hash:0x8, signature:0x4), Unknown (hash:0x8, signature:0x5), Unknown (hash:0x8, signature:0x6), SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA1withECDSA, SHA1withRSA
08:19:21,480 INFO  [stdout] (management task-1) ***
08:19:21,480 INFO  [stdout] (management task-1) [read] MD5 and SHA1 hashes:  len = 181
08:19:21,481 INFO  [stdout] (management task-1) 0000: 01 00 00 B1 03 03 F7 FB   1E 8C 95 53 20 87 9C 6A  ...........S ..j
08:19:21,481 INFO  [stdout] (management task-1) 0010: 50 2E 75 9E 83 B1 AE EB   5A 07 7C EC 2A B7 9E B4  P.u.....Z...*...
08:19:21,482 INFO  [stdout] (management task-1) 0020: 97 1F 79 92 1F 92 00 00   1E C0 2B C0 2F CC A9 CC  ..y.......+./...
08:19:21,482 INFO  [stdout] (management task-1) 0030: A8 C0 2C C0 30 C0 0A C0   09 C0 13 C0 14 00 33 00  ..,.0.........3.
08:19:21,483 INFO  [stdout] (management task-1) 0040: 39 00 2F 00 35 00 0A 01   00 00 6A 00 00 00 0E 00  9./.5.....j.....
08:19:21,483 INFO  [stdout] (management task-1) 0050: 0C 00 00 09 6C 6F 63 61   6C 68 6F 73 74 00 17 00  ....localhost...
08:19:21,483 INFO  [stdout] (management task-1) 0060: 00 FF 01 00 01 00 00 0A   00 0A 00 08 00 1D 00 17  ................
08:19:21,484 INFO  [stdout] (management task-1) 0070: 00 18 00 19 00 0B 00 02   01 00 00 23 00 00 00 10  ...........#....
08:19:21,484 INFO  [stdout] (management task-1) 0080: 00 0E 00 0C 02 68 32 08   68 74 74 70 2F 31 2E 31  .....h2.http/1.1
08:19:21,484 INFO  [stdout] (management task-1) 0090: 00 05 00 05 01 00 00 00   00 00 0D 00 18 00 16 04  ................
08:19:21,485 INFO  [stdout] (management task-1) 00A0: 03 05 03 06 03 08 04 08   05 08 06 04 01 05 01 06  ................
08:19:21,485 INFO  [stdout] (management task-1) 00B0: 01 02 03 02 01                                     .....
08:19:21,486 INFO  [stdout] (management task-1) %% Initialized:  [Session-5, SSL_NULL_WITH_NULL_NULL]
08:19:21,486 INFO  [stdout] (management task-1) management task-1, fatal error: 40: no cipher suites in common
08:19:21,486 INFO  [stdout] (management task-1) javax.net.ssl.SSLHandshakeException: no cipher suites in common
08:19:21,486 INFO  [stdout] (management task-1) %% Invalidated:  [Session-5, SSL_NULL_WITH_NULL_NULL]
08:19:21,486 INFO  [stdout] (management task-1) management task-1, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
08:19:21,486 INFO  [stdout] (management task-1) management task-1, WRITE: TLSv1.2 Alert, length = 2
08:19:21,487 INFO  [stdout] (management I/O-2) management I/O-2, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
{code}

{code:java|title=SelfSignedX509CertificateAndSigningKey.java}

        /**
         * The default key algorithm name.
         */
        public static final String DEFAULT_KEY_ALGORITHM_NAME = "DSA";

{code}




--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
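
Added example (not part of the original report or of WildFly/Elytron code): a diagnostic that reads the "Cipher Suites" line of the ClientHello logged above and derives which server key algorithms that client can authenticate, showing why a DSA key ends in "no cipher suites in common". The function names are hypothetical; the two "Unknown" code points are resolved with the names assigned in RFC 7905.

```python
import re

# "Cipher Suites" line copied from the ClientHello in the handshake log above.
CLIENT_HELLO = (
    "08:19:21,480 INFO  [stdout] (management task-1) Cipher Suites: ["
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "
    "Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, "
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "
    "TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, "
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA]"
)

# Code points the logging JSSE build prints as "Unknown"; names from RFC 7905.
UNKNOWN_IDS = {
    "0xcc:0xa8": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "0xcc:0xa9": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
}

# Matches RSA key transport and ephemeral (EC)DHE suites; captures the auth token.
SUITE_RE = re.compile(r"^(?:TLS|SSL)_(?:(?:ECDHE|DHE)_)?(RSA|ECDSA|DSS)_WITH_")
# Authentication token in the suite name -> JCA key algorithm of the server key.
AUTH_TO_KEY = {"RSA": "RSA", "ECDSA": "EC", "DSS": "DSA"}

def server_key_type(suite):
    """Key algorithm a pre-TLS 1.3 suite needs in the server keystore, or None."""
    if suite.startswith("Unknown "):
        suite = UNKNOWN_IDS.get(suite.split(" ", 1)[1], "")
    m = SUITE_RE.match(suite)
    # None: anonymous, PSK, static (EC)DH, TLS 1.3 or an unrecognised code point.
    return AUTH_TO_KEY[m.group(1)] if m else None

def offered_key_types(log_text):
    """Set of server key algorithms the logged ClientHello can authenticate."""
    m = re.search(r"Cipher Suites: \[(.*?)\]", log_text)
    suites = m.group(1).split(", ") if m else []
    return {k for k in map(server_key_type, suites) if k}

def handshake_possible(key_algorithm, log_text):
    """True if a server holding only this key type shares a suite with the client."""
    return key_algorithm in offered_key_types(log_text)

if __name__ == "__main__":
    for alg in ("DSA", "RSA", "EC"):
        print(alg, handshake_possible(alg, CLIENT_HELLO))
```

The browser's list contains no *_DSS_* suite, so a keystore holding only the default DSA key leaves the server with nothing to select, while an RSA or EC key matches several offered suites.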