JDK-8263188 : JSSE should fail fast if there isn't supported signature algorithm
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 16,17
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2021-03-08
  • Updated: 2021-04-01
  • Resolved: 2021-03-29
JDK 17: 17 b16 (Fixed)
Description
If the signature_algorithms extension is present, but the algorithms are unrecognized or unsupported, JSSE peers should send a fatal alert immediately.
For example, in this case, it's unnecessary to try to produce ServerHello, Certificate and ServerKeyExchange messages.

javax.net.ssl|ERROR|10|main|2021-03-08 22:36:08.645 CST|TransportContext.java:361|Fatal (INTERNAL_ERROR): No supported signature algorithm for RSA  key (
"throwable" : {
  javax.net.ssl.SSLException: No supported signature algorithm for RSA  key
  	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
  	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
  	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356)
  	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
  	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:303)
  	at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeMessage.<init>(DHServerKeyExchange.java:137)
  	at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeProducer.produce(DHServerKeyExchange.java:481)
  	at java.base/sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1120)
  	at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:853)
  	at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:812)
  	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
  	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
  	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
  	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:199)
  	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
  	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1501)
  	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1415)
  	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450)
  	at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:915)
  	at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:1006)
  	at java.base/java.io.InputStream.read(InputStream.java:218)
  	at com.tencent.tls.Utils.readIn(Utils.java:166)
  	at com.tencent.tls.JdkServer.acceptNoEx(JdkServer.java:107)
  	at com.tencent.tls.TlsServer.main(TlsServer.java:74)}
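
The check the description asks for, as an added example (not JDK source and not code from this report): parse the body of a signature_algorithms extension, keep only locally supported schemes, and abort before any ServerHello, Certificate or ServerKeyExchange is produced when none remain. The class, method and SUPPORTED set are hypothetical, the byte arrays are constructed, and the alert names in the exception messages are this example's assumption; the report does not say which alert the fix sends.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

// Added illustration, not JDK source. FailFastSigAlgs, check() and SUPPORTED are hypothetical names.
public class FailFastSigAlgs {
    // Constructed local policy: a few SignatureScheme code points from RFC 8446, section 4.2.3.
    static final Set<Integer> SUPPORTED = Set.of(
            0x0401,  // rsa_pkcs1_sha256
            0x0403,  // ecdsa_secp256r1_sha256
            0x0804); // rsa_pss_rsae_sha256

    /** Returns usable schemes in the peer's preference order, or throws before any flight is built. */
    static List<Integer> check(byte[] extensionData) {
        ByteBuffer buf = ByteBuffer.wrap(extensionData);
        if (buf.remaining() < 2) {
            throw new IllegalArgumentException("decode_error: truncated signature_algorithms");
        }
        int listLen = buf.getShort() & 0xFFFF;
        // The list must be non-empty, hold whole 2-byte entries, and fill the extension exactly.
        if (listLen == 0 || (listLen & 1) != 0 || listLen != buf.remaining()) {
            throw new IllegalArgumentException("decode_error: bad signature_algorithms length");
        }
        List<Integer> usable = new ArrayList<>();
        while (buf.hasRemaining()) {
            int scheme = buf.getShort() & 0xFFFF;
            if (SUPPORTED.contains(scheme)) {   // unknown code points are skipped, not fatal
                usable.add(scheme);
            }
        }
        if (usable.isEmpty()) {
            // Fail fast: nothing to sign with, so stop at ClientHello processing.
            throw new IllegalStateException("handshake_failure: no supported signature algorithm");
        }
        return usable;
    }

    public static void main(String[] args) {
        // Constructed extension bodies: 2-byte list length, then 2-byte code points.
        byte[] oneSupported = {0x00, 0x06, (byte) 0xFE, (byte) 0xFE, 0x04, 0x03, (byte) 0xFD, 0x01};
        byte[] noneSupported = {0x00, 0x04, (byte) 0xFE, (byte) 0xFE, (byte) 0xFD, 0x01};
        System.out.println(check(oneSupported));
        try {
            check(noneSupported);
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The two inputs mirror the regression cases proposed in the comments: several unknown algorithms with exactly one supported, and all unknown.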
Comments
Changeset: 99b4bab3
Author: John Jiang <jjiang@openjdk.org>
Date: 2021-03-29 05:53:05 +0000
URL: https://git.openjdk.java.net/jdk/commit/99b4bab3
29-03-2021

@jnimeh I just removed label noreg-hard, and will develop the test cases that you suggested. I may consult you for the test details.
09-03-2021

While it may be difficult to write regression tests for all the cases here, I believe it should be possible to write them to cover:
* TLS 1.2 and 1.3 client hellos where the server receives signature_algorithms with all unknown/unsupported algorithms, expect to see Alert
* TLS 1.2 and 1.3 client hellos with multiple unknown/unsupported algorithms and exactly one supported algorithm, expect to see the handshake progress beyond the server hello (you may not need to run the whole handshake to verify you're getting past the CH consumer checks).

A possible CR test for 1.2 is tougher, but again it could be accomplished. A TLS 1.3 CR test is really hard to do given the test tools we have within jtreg right now. But I think we could do at least partial verification of the fix and remove the noreg-hard label. Let me know if you want to discuss approaches in detail.
08-03-2021