JDK-8263188 : JSSE should fail fast if there isn't supported signature algorithm
- Type: Bug
- Component: security-libs
- Sub-Component: javax.net.ssl
- Affected Version: 16,17
- Priority: P4
- Status: Resolved
- Resolution: Fixed
- Submitted: 2021-03-08
- Updated: 2021-04-01
- Resolved: 2021-03-29
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 17 |
|---|
17 b16Fixed  |
Related Reports
|
Relates :
|
Description
signature_algorithms extension is present, but the algorithms are unreconginzed or unsupported, JSSE peers should send fatal alert immediately.
For example, in this case, it's unnecssary to try to produce ServerHello, Certificate and ServerKeyExchange messages.
javax.net.ssl|ERROR|10|main|2021-03-08 22:36:08.645 CST|TransportContext.java:361|Fatal (INTERNAL_ERROR): No supported signature algorithm for RSA key (
"throwable" : {
javax.net.ssl.SSLException: No supported signature algorithm for RSA key
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:356)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:303)
at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeMessage.<init>(DHServerKeyExchange.java:137)
at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeProducer.produce(DHServerKeyExchange.java:481)
at java.base/sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1120)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:853)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:812)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:199)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1501)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1415)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:915)
at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:1006)
at java.base/java.io.InputStream.read(InputStream.java:218)
at com.tencent.tls.Utils.readIn(Utils.java:166)
at com.tencent.tls.JdkServer.acceptNoEx(JdkServer.java:107)
at com.tencent.tls.TlsServer.main(TlsServer.java:74)}
Comments
|