A DESCRIPTION OF THE PROBLEM :
We are trying to disable RSASSA-PSS, because it is not supported in the JCE PKCS11 wrapper, and causes errors when setting up TLS1.2. It is possible to do this using jdk.tls.disabledAlgorithms with RSASSA-PSS, if this is done on both sides (client & server). But if this is done only on the client side, which means the server still gives RSASSA-PSS as one of the options in its CertificateRequest message, the client will still choose RSASSA-PSS and fail.

I think the core of the problem lies within the CertificateVerify.T12CertificateVerifyMessage constructor, which selects the signature algorithm as follows:

    this.signatureScheme = SignatureScheme.getPreferableAlgorithm(
            chc.peerRequestedSignatureSchemes,
            x509Possession.popPrivateKey,
            chc.negotiatedProtocol);

chc.peerRequestedSignatureSchemes holds -all- algorithms sent by the server in its CertificateRequest message. Disabled algorithms are not filtered out. The getPreferableAlgorithm method also does not consider disabled algorithms.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Set up TLS 1.2 client with jdk.tls.disabledAlgorithms with RSASSA-PSS
Set up TLS 1.2 server which does not have RSASSA-PSS disabled
Connect the client to the server.

FREQUENCY : always
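The selection behaviour described in the report, as an added example that is not part of the original report and is not JDK code: a simplified model that picks a scheme from the server's CertificateRequest list with and without checking the client's disabled algorithms. The class `SchemeFilterDemo`, its methods, the scheme table and the sample values are assumptions constructed for illustration, and only plain algorithm names in the property value are handled.

```java
import java.util.*;

// Added illustration: a simplified model, not the JDK's sun.security.ssl code.
public class SchemeFilterDemo {
    // Constructed subset of TLS signature schemes: name -> JCA signature algorithm.
    static final Map<String, String> JCA_NAME = Map.of(
        "rsa_pss_rsae_sha256", "RSASSA-PSS",
        "rsa_pkcs1_sha256", "SHA256withRSA",
        "ecdsa_secp256r1_sha256", "SHA256withECDSA");

    // Parse a jdk.tls.disabledAlgorithms-style value. Only plain names are
    // handled; constraint entries such as "RSA keySize < 1024" are skipped.
    static Set<String> parseDisabled(String property) {
        Set<String> out = new HashSet<>();
        for (String entry : property.split(",")) {
            String e = entry.trim();
            if (!e.isEmpty() && !e.contains(" ")) out.add(e.toUpperCase(Locale.ROOT));
        }
        return out;
    }

    // Pick the first peer-requested scheme usable with the client's key type.
    // With an empty 'disabled' set this models the selection the report describes.
    static Optional<String> select(List<String> peerRequested, String keyType,
                                   Set<String> disabled) {
        for (String scheme : peerRequested) {
            String jca = JCA_NAME.get(scheme);
            if (jca == null) continue;                    // scheme unknown to this model
            boolean ecdsa = jca.endsWith("ECDSA");
            if (keyType.equals("RSA") == ecdsa) continue; // scheme does not fit the key
            // The check the report says is not applied on the client side.
            if (disabled.contains(jca.toUpperCase(Locale.ROOT))) continue;
            return Optional.of(scheme);
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed CertificateRequest contents, in server preference order.
        List<String> fromServer = List.of(
            "ecdsa_secp256r1_sha256", "rsa_pss_rsae_sha256", "rsa_pkcs1_sha256");
        // Constructed property value with RSASSA-PSS appended.
        Set<String> disabled = parseDisabled("SSLv3, RC4, RSA keySize < 1024, RSASSA-PSS");

        System.out.println("unfiltered: " + select(fromServer, "RSA", Set.of()));
        System.out.println("filtered:   " + select(fromServer, "RSA", disabled));
    }
}
```

With an RSA client key, the unfiltered call returns the RSASSA-PSS scheme even though the client has it disabled, while the filtered call falls through to the next scheme the server offered.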