[jboss-jira] [JBoss JIRA] (WFCORE-3750) Revisit default DSA algorithm for generate-key-pair operation

Darran Lofthouse (Jira) issues at jboss.org
Fri May 31 10:21:00 EDT 2019 

     [ https://issues.jboss.org/browse/WFCORE-3750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse reassigned WFCORE-3750:
----------------------------------------

    Assignee:     (was: Farah Juma)


> Revisit default DSA algorithm for generate-key-pair operation
> -------------------------------------------------------------
>
>                 Key: WFCORE-3750
>                 URL: https://issues.jboss.org/browse/WFCORE-3750
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 5.0.0.Alpha2
>            Reporter: Martin Choma
>            Priority: Major
>
> Generate-key-pair operation use default DSA algorithm. I am unable to connect to such SSL with Firefox or Chrome ("no cipher suite in common"). With RSA private key it works. Can we revisit the default?
> Can we add default information into the model description (algorithm)? In such case it would be best if defaults were specified on subsystem level and not rely on Elytron library defaults.
> Was thinking also about key-size and signature-algorithm, but realized these parameters are computed dynamically based on chosen algorithm.
> {code:title=TLS.handshake}
> 08:19:21,479 INFO  [stdout] (management task-1) *** ClientHello, TLSv1.2
> 08:19:21,480 INFO  [stdout] (management task-1) RandomCookie:  GMT: -151315060 bytes = { 149, 83, 32, 135, 156, 106, 80, 46, 117, 158, 131, 177, 174, 235, 90, 7, 124, 236, 42, 183, 158, 180, 151, 31, 121, 146, 31, 146 }
> 08:19:21,480 INFO  [stdout] (management task-1) Session ID:  {}
> 08:19:21,480 INFO  [stdout] (management task-1) Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
> 08:19:21,480 INFO  [stdout] (management task-1) Compression Methods:  { 0 }
> 08:19:21,480 INFO  [stdout] (management task-1) Extension server_name, server_name: [type=host_name (0), value=localhost]
> 08:19:21,480 INFO  [stdout] (management task-1) Extension extended_master_secret
> 08:19:21,480 INFO  [stdout] (management task-1) Extension renegotiation_info, renegotiated_connection: <empty>
> 08:19:21,480 INFO  [stdout] (management task-1) Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1, secp521r1}
> 08:19:21,480 INFO  [stdout] (management task-1) Extension ec_point_formats, formats: [uncompressed]
> 08:19:21,480 INFO  [stdout] (management task-1) Unsupported extension type_35, data: 
> 08:19:21,480 INFO  [stdout] (management task-1) Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
> 08:19:21,480 INFO  [stdout] (management task-1) Unsupported extension status_request, data: 01:00:00:00:00
> 08:19:21,480 INFO  [stdout] (management task-1) Extension signature_algorithms, signature_algorithms: SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, Unknown (hash:0x8, signature:0x4), Unknown (hash:0x8, signature:0x5), Unknown (hash:0x8, signature:0x6), SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA1withECDSA, SHA1withRSA
> 08:19:21,480 INFO  [stdout] (management task-1) ***
> 08:19:21,480 INFO  [stdout] (management task-1) [read] MD5 and SHA1 hashes:  len = 181
> 08:19:21,481 INFO  [stdout] (management task-1) 0000: 01 00 00 B1 03 03 F7 FB   1E 8C 95 53 20 87 9C 6A  ...........S ..j
> 08:19:21,481 INFO  [stdout] (management task-1) 0010: 50 2E 75 9E 83 B1 AE EB   5A 07 7C EC 2A B7 9E B4  P.u.....Z...*...
> 08:19:21,482 INFO  [stdout] (management task-1) 0020: 97 1F 79 92 1F 92 00 00   1E C0 2B C0 2F CC A9 CC  ..y.......+./...
> 08:19:21,482 INFO  [stdout] (management task-1) 0030: A8 C0 2C C0 30 C0 0A C0   09 C0 13 C0 14 00 33 00  ..,.0.........3.
> 08:19:21,483 INFO  [stdout] (management task-1) 0040: 39 00 2F 00 35 00 0A 01   00 00 6A 00 00 00 0E 00  9./.5.....j.....
> 08:19:21,483 INFO  [stdout] (management task-1) 0050: 0C 00 00 09 6C 6F 63 61   6C 68 6F 73 74 00 17 00  ....localhost...
> 08:19:21,483 INFO  [stdout] (management task-1) 0060: 00 FF 01 00 01 00 00 0A   00 0A 00 08 00 1D 00 17  ................
> 08:19:21,484 INFO  [stdout] (management task-1) 0070: 00 18 00 19 00 0B 00 02   01 00 00 23 00 00 00 10  ...........#....
> 08:19:21,484 INFO  [stdout] (management task-1) 0080: 00 0E 00 0C 02 68 32 08   68 74 74 70 2F 31 2E 31  .....h2.http/1.1
> 08:19:21,484 INFO  [stdout] (management task-1) 0090: 00 05 00 05 01 00 00 00   00 00 0D 00 18 00 16 04  ................
> 08:19:21,485 INFO  [stdout] (management task-1) 00A0: 03 05 03 06 03 08 04 08   05 08 06 04 01 05 01 06  ................
> 08:19:21,485 INFO  [stdout] (management task-1) 00B0: 01 02 03 02 01                                     .....
> 08:19:21,486 INFO  [stdout] (management task-1) %% Initialized:  [Session-5, SSL_NULL_WITH_NULL_NULL]
> 08:19:21,486 INFO  [stdout] (management task-1) management task-1, fatal error: 40: no cipher suites in common
> 08:19:21,486 INFO  [stdout] (management task-1) javax.net.ssl.SSLHandshakeException: no cipher suites in common
> 08:19:21,486 INFO  [stdout] (management task-1) %% Invalidated:  [Session-5, SSL_NULL_WITH_NULL_NULL]
> 08:19:21,486 INFO  [stdout] (management task-1) management task-1, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
> 08:19:21,486 INFO  [stdout] (management task-1) management task-1, WRITE: TLSv1.2 Alert, length = 2
> 08:19:21,487 INFO  [stdout] (management I/O-2) management I/O-2, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
> {code}
> {code:java|title=SelfSignedX509CertificateAndSigningKey.java}
>         /**
>          * The default key algorithm name.
>          */
>         public static final String DEFAULT_KEY_ALGORITHM_NAME = "DSA";
> {code}



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the jboss-jira mailing list