JDK-8243556 : [TESTBUG] sun/security/ssl/CipherSuite/NamedGroupsWithCipherSuite.java fails after JDK-8243029
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • Submitted: 2020-04-24
  • Updated: 2020-04-24
  • Resolved: 2020-04-24
Related Reports
Duplicate :  
Relates :  
Description
STDOUT:
NamedGroup: ffDhe2048
Protocol: TLSv1.3, cipher suite: TLS_AES_128_GCM_SHA256
Protocol: TLSv1.3, cipher suite: TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3, cipher suite: TLS_CHACHA20_POLY1305_SHA256
Protocol: TLSv1.2, cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Protocol: TLSv1.2, cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Protocol: TLSv1.2, cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Protocol: TLSv1.2, cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Protocol: TLSv1.2, cipher suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Protocol: TLSv1.1, cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Server failed: javax.net.ssl.SSLException: Unsupported signature algorithm: DSA
javax.net.ssl.SSLException: Unsupported signature algorithm: DSA
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:325)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:268)
        at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeMessage.<init>(DHServerKeyExchange.java:152)
        at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeProducer.produce(DHServerKeyExchange.java:481)
        at java.base/sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1120)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:853)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:812)
        at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:445)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:423)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1474)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1380)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
        at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:880)
        at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:971)
        at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:931)
        at SSLSocketTemplate.runServerApplication(SSLSocketTemplate.java:94)
        at SSLSocketTemplate.doServerSide(SSLSocketTemplate.java:280)
        at SSLSocketTemplate.startServer(SSLSocketTemplate.java:584)
        at SSLSocketTemplate.bootup(SSLSocketTemplate.java:498)
        at SSLSocketTemplate.run(SSLSocketTemplate.java:83)
        at NamedGroupsWithCipherSuite.main(NamedGroupsWithCipherSuite.java:154)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:564)
        at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)
        at java.base/java.lang.Thread.run(Thread.java:832)
Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
        at java.base/sun.security.provider.DSA.checkKey(DSA.java:124)
        at java.base/sun.security.provider.DSA.engineInitSign(DSA.java:156)
        at java.base/java.security.Signature$Delegate.tryOperation(Signature.java:1307)
        at java.base/java.security.Signature$Delegate.chooseProvider(Signature.java:1256)
        at java.base/java.security.Signature$Delegate.engineInitSign(Signature.java:1353)
        at java.base/java.security.Signature.initSign(Signature.java:635)
        at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeMessage.getSignature(DHServerKeyExchange.java:435)
        at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeMessage.<init>(DHServerKeyExchange.java:148)
        ... 27 more

Comments
OK. Thanks John Jiang.
24-04-2020

JDK-8243549 will fix this issue.
24-04-2020

TLS_DHE_DSS_WITH_AES_128_CBC_SHA should be supported by pre-TLSv1.2 protocols.
24-04-2020

It might be fixed by ``` diff -r 70c2239696ae test/jdk/javax/net/ssl/TLSCommon/CipherSuite.java --- a/test/jdk/javax/net/ssl/TLSCommon/CipherSuite.java Fri Apr 24 16:12:53 2020 +0530 +++ b/test/jdk/javax/net/ssl/TLSCommon/CipherSuite.java Fri Apr 24 20:13:25 2020 +0800 @@ -169,7 +169,7 @@ TLS_DHE_RSA_WITH_AES_128_CBC_SHA( 0x0033, KeyExAlgorithm.DHE_RSA, Protocol.SSLV3, Protocol.TLSV1_2), TLS_DHE_DSS_WITH_AES_128_CBC_SHA( - 0x0032, KeyExAlgorithm.DHE_DSS, Protocol.SSLV3, Protocol.TLSV1_2), + 0x0032, KeyExAlgorithm.DHE_DSS, Protocol.TLSV1_2, Protocol.TLSV1_2), TLS_RSA_WITH_AES_128_CBC_SHA( 0x002F, KeyExAlgorithm.RSA, Protocol.SSLV3, Protocol.TLSV1_2), TLS_KRB5_WITH_3DES_EDE_CBC_MD5( ```
24-04-2020