JDK-8345277 : TLSv1.2 - unable to sign a secp256r1 key with ecdsa_secp384r1_sha384
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 8,11,17,23,24
  • Priority: P4
  • Status: New
  • Resolution: Unresolved
  • OS: generic
  • CPU: generic
  • Submitted: 2024-12-01
  • Updated: 2024-12-02
Related Reports
Relates :  
Description
A DESCRIPTION OF THE PROBLEM :
When connecting to an internal device with a JDK17 and TLS v1.2, the handshake fails with this error:

No supported CertificateVerify signature algorithm for EC key

My key uses the EC "secp256r1", and the negotiated signature algorithm is "ecdsa_secp384r1_sha384". The CertificateVerify stage fails because the "ecdsa_secp384r1_sha384" can't be used with the named group "secp256r1". I see in the log:

Ignore the signature algorithm (ecdsa_secp384r1_sha384), unsupported EC parameter spec: secp256r1

cf https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java#L503

When I try to connect to this device with openssl and the same certificate/pkey, it works without any issue.
In TLSv1.2, it seems to be legal to use ecdsa_secp384r1_sha384 with a secp256r1 key (but not in TLSv1.3).



FREQUENCY : always
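
An added example, not code from the reporter or from OpenJDK, that separates the two layers in this report: the JCA operation (a secp256r1 key signing with SHA384withECDSA) and the per-protocol rule for whether an `ecdsa_*` scheme is tied to one curve (RFC 8446, section 4.2.3). The class and method names are hypothetical, the signed data is constructed, and the TLS 1.2 rule is simplified (it ignores the supported-groups check).

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

// Added illustration; names are hypothetical and not part of the JDK.
public class EcdsaCurveHashCheck {

    // Generate a key on `curve`, sign constructed data with `jcaAlg`, verify it.
    static boolean signAndVerify(String curve, String jcaAlg) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec(curve));
        KeyPair kp = kpg.generateKeyPair();

        // Constructed stand-in for the data covered by CertificateVerify.
        byte[] data = "constructed handshake transcript".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance(jcaAlg);
        signer.initSign(kp.getPrivate());
        signer.update(data);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance(jcaAlg);
        verifier.initVerify(kp.getPublic());
        verifier.update(data);
        return verifier.verify(sig);
    }

    // TLS 1.3 binds each ecdsa_* scheme to the curve in its name.
    // Under TLS 1.2 the same code point names only the hash/signature pair,
    // so the curve in the name does not constrain the key (simplified rule).
    static boolean schemeUsableWithCurve(String scheme, String keyCurve, boolean tls13) {
        if (!scheme.startsWith("ecdsa_")) return false;
        return !tls13 || scheme.startsWith("ecdsa_" + keyCurve + "_");
    }

    public static void main(String[] args) throws Exception {
        String scheme = "ecdsa_secp384r1_sha384", curve = "secp256r1";
        System.out.println("SHA384withECDSA with a " + curve + " key verifies: "
                + signAndVerify(curve, "SHA384withECDSA"));
        System.out.println("TLS 1.2: " + scheme + " usable with " + curve + ": "
                + schemeUsableWithCurve(scheme, curve, false));
        System.out.println("TLS 1.3: " + scheme + " usable with " + curve + ": "
                + schemeUsableWithCurve(scheme, curve, true));
    }
}
```

If the first line prints `true`, the signature operation itself is available in the JCA provider, which narrows the handshake failure to the scheme-selection check that produces the "unsupported EC parameter spec" log line.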



Comments
This issue looks to be related to JDK-8225766.
02-12-2024