How do I disable a cipher suite using java.security - java

How can I disable a particular cipher suite in java.security?
For example, I wish to disable SSL_RSA_WITH_3DES_EDE_CBC_SHA.
How should I add it to the entry below?
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, \
EC keySize < 224
And finally, how to verify if it is disabled?

Did you try appending the suite name to the end of the line?
According to the post, a full cipher suite name or any part of it can be used as a property value.
So I presume this should work:
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, \
EC keySize < 224, SSL_RSA_WITH_3DES_EDE_CBC_SHA
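A way to check the result of the answer above, as an added example that is not part of the original question or answer: it appends the suite to jdk.tls.disabledAlgorithms programmatically (the same value you would put in java.security) and then reads back the cipher suites and protocols the default SSLContext actually enables. It goes slightly beyond the question by listing protocols as well, since the same property governs both. The class name and method names are this example's own; the suite name is the one from the question.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import java.security.Security;
import java.util.Arrays;
import java.util.List;

/**
 * Added check (not from the original post): disables one cipher suite by appending it to
 * jdk.tls.disabledAlgorithms and then asks the default SSLContext what it would really offer.
 */
public class DisabledSuiteCheck {

    // The suite the question asks about.
    private static final String SUITE = "SSL_RSA_WITH_3DES_EDE_CBC_SHA";

    /** Appends a suite to the current property value. Must run before any JSSE class is initialised. */
    static void disableSuite(String suite) {
        String current = Security.getProperty("jdk.tls.disabledAlgorithms");
        String updated = (current == null || current.trim().isEmpty()) ? suite : current + ", " + suite;
        Security.setProperty("jdk.tls.disabledAlgorithms", updated);
    }

    /** True if the suite is still among the suites the default SSLContext enables by default. */
    static boolean isSuiteEnabledByDefault(String suite) throws Exception {
        SSLParameters params = SSLContext.getDefault().getDefaultSSLParameters();
        return Arrays.asList(params.getCipherSuites()).contains(suite);
    }

    /** True if the suite is still among the suites the provider reports as supported. */
    static boolean isSuiteSupported(String suite) throws Exception {
        SSLParameters params = SSLContext.getDefault().getSupportedSSLParameters();
        return Arrays.asList(params.getCipherSuites()).contains(suite);
    }

    /** Protocol versions the default SSLContext enables (also filtered by jdk.tls.disabledAlgorithms). */
    static List<String> defaultProtocols() throws Exception {
        return Arrays.asList(SSLContext.getDefault().getDefaultSSLParameters().getProtocols());
    }

    public static void main(String[] args) throws Exception {
        disableSuite(SUITE);
        System.out.println("jdk.tls.disabledAlgorithms = " + Security.getProperty("jdk.tls.disabledAlgorithms"));
        System.out.println(SUITE + " enabled by default: " + isSuiteEnabledByDefault(SUITE));
        System.out.println(SUITE + " reported as supported: " + isSuiteSupported(SUITE));
        System.out.println("default protocols: " + defaultProtocols());
    }
}
```

Security.setProperty has to run before the first JSSE class loads, because SunJSSE parses the disabled-algorithm constraints once at initialisation; editing java.security or starting the JVM with -Djava.security.properties=<file> avoids that ordering concern. On recent JDK 8 updates and on JDK 11 and later, 3DES_EDE_CBC is already in the shipped list, so this particular suite reports as disabled even before the code adds it; substitute another suite name to see the property take effect.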

Found what I wanted here.
Link


Java 8u201: no cipher suites in common [duplicate]

I recently added SSL to my website and it can be accessed over https. Now when my Java application tries to make requests to my website and read from it with a buffered reader, it produces this stack trace.
I'm not using a self-signed certificate; the cert is from Namecheap, who uses COMODO SSL as the CA to sign my certificate. I'm using Java 8.
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:503)
at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1482)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1351)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
My code is very basic and simply tries to read the page on my site using a buffered reader
private void populateDataList() {
    try {
        URL url = new URL("https://myURL.com/Data/Data.txt");
        URLConnection con = url.openConnection();
        con.setRequestProperty("Connection", "close");
        con.setDoInput(true);
        con.setUseCaches(false);
        BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
        String line;
        int i = 0;
        while ((line = in.readLine()) != null) {
            this.url.add(i, line);
            i++;
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
}
I've tried adding my SSL certificate to the JVM's keystore, and I've also even tried to accept every certificate (which defeats the purpose of SSL, I know) with this code:
private void trustCertificate() {
    TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) {
            }
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) {
            }
        }
    };
    try {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (GeneralSecurityException e) {
    }
    try {
        URL url = new URL("https://myURL.com/index.php");
        URLConnection con = url.openConnection();
        BufferedReader br = new BufferedReader(new InputStreamReader(con.getInputStream()));
        String line;
        while ((line = br.readLine()) != null) {
            System.out.println(line);
        }
    } catch (Exception e) {
    }
}
I'm stumped, and any help would be much appreciated!
In $JRE/lib/security/java.security:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL
This line is enabled; after I commented it out, everything worked fine. Apparently this line is enabled as of jre1.8.0_181.
My Java version is "1.8.0_201".
I also ran into this with Java 8 update 1.8.0.229 on Ubuntu 18.04.
I changed the following part:
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
#jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
# DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
# include jdk.disabled.namedCurves
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
I removed TLSv1 and TLSv1.1 from the list of jdk.tls.disabledAlgorithms inside the file
/etc/java-8-openjdk/security/java.security
After checking this:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 28
Server version: 5.7.33-0ubuntu0.18.04.1 (Ubuntu)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> SHOW GLOBAL VARIABLES LIKE 'tls_version';
+---------------+-----------------------+
| Variable_name | Value |
+---------------+-----------------------+
| tls_version | TLSv1,TLSv1.1,TLSv1.2 |
+---------------+-----------------------+
1 row in set (0.00 sec)
mysql> exit
protocol is disabled or cipher suites are inappropriate
The key to the problem lies in that statement. What it basically means is either:
The TLS implementation used by the client does not support the cipher suites used by the server's certificate.
The TLS configuration on the server has disabled cipher suites supported by the client.
The TLS configurations on the client disable cipher suites offered by the server.
TLS version incompatibility between the client and server.
This leads to handshake failure in TLS, and the connection fails. Check one or all of the three scenarios above.
You can add the expected TLS protocol to your connection string like this:
jdbc:mysql://localhost:3306/database_name?enabledTLSProtocols=TLSv1.2
That fixed the problem for me.
Edit 04-02-2022:
As Yair's comment says:
Since Connector/J 8.0.28 enabledTLSProtocols has been renamed to tlsVersions.
In my case I am running CentOS 8 and had the same issue with IMAP/Java.
I had to update the system-wide cryptographic policy level:
update-crypto-policies --set LEGACY
Then reboot the machine.
That's it.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/security_considerations-in-adopting-rhel-8#tls-v10-v11_security
We started experiencing this problem after upgrading to jre1.8.0_291. I commented out "jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA,
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL,
include jdk.disabled.namedCurves" in java.security located in C:\Program Files\Java\jre1.8.0_291\lib\security which resolved the problem.
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
For posterity, I recently bumped up against this using IBM's JDK8 implementation which specifically disables TLS1.1 and 1.2 by default (sic). If you want to see what TLS versions are supported by the JVM, run something like the following code:
import javax.net.ssl.SSLContext;
import java.util.Arrays;

SSLContext context = SSLContext.getInstance("TLS");
context.init(null, null, null);
// getDefaultSSLParameters() lists the protocols enabled by default for this context
String[] supportedProtocols = context.getDefaultSSLParameters().getProtocols();
System.out.println(Arrays.toString(supportedProtocols));
The code spits out [TLSv1] by default under AIX JDK8. Not good. Under Redhat and Solaris it spits out [TLSv1, TLSv1.1, TLSv1.2].
I could not find any values in the java.security file to fix this issue but there might be some for your architecture. In the IBM specific case, we have to add:
-Dcom.ibm.jsse2.overrideDefaultTLS=true
In my case I had to upgrade the mysql client library to the latest version and it started working again:
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>8.0.24</version>
</dependency>
I have encountered
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
error when accessing TLS 1.3 enabled endpoint from a Java 11 application. That is a usual case in GCP, for example.
The problem has gone away without any changes in my code just by upgrading from Java 11 to Java 14.
Java 11 doesn't deprecate earlier TLS protocol versions by default. Instead of configuring it, a simple upgrade of the runtime to Java 14 helped.
Apparently, if you have TLS 1.0 disabled the emails won't be sent out. TLS Versions 1.1 and 1.2 do not work. Peter's suggestion did the trick for me.
I was faced with the same situation on a Tomcat 7 server, 5.7.34-0ubuntu0.18.04.1, openjdk version "1.8.0_292".
I tried many approaches, like disabling SSL in the server.xml file, changing the connection strings, etc.,
but in the end all I did was edit the java.security file with
sudo nano /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security
and comment out the line and remove TLSv1 and TLSv1.1:
# Comment the line below
#jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
# DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
# include jdk.disabled.namedCurves
# your new line should read as below
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
For ME in this case :
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
I found that this is JDK/JRE (Java\jdk1.8.0_291\jre\lib\security) config related, and in order to solve it you need to disable the TLS anon and NULL cipher suites.
You can find how to do this in the official documentation here:
https://www.java.com/en/configure_crypto.html
Also before doing this, consider the implications of using LEGACY algorithms.
upgraded from 1 to 2 + modifying the $JRE/lib/security/java.security file did the trick.
[images: mysql driver before / after]

How to disable weak ciphers and client renegotiation in Play 2.5.x (Scala)

I am using Play 2.5.x (Scala). The default server is Netty. I can't find a way to disable some (weak) specific ciphers as well as client renegotiation.
The Play doc refers to JSSE settings:
https://www.playframework.com/documentation/2.3.x/ConfiguringHttps
How do I use these JSSE settings in a config file? Or is there a different way to achieve this?
As described in the documentation, create a properties file (let's call it jvm.security.properties) that looks something like the following:
jdk.tls.disabledAlgorithms=EC keySize < 160, RSA keySize < 2048, DSA keySize < 2048
jdk.tls.rejectClientInitiatedRenegotiation=true
jdk.certpath.disabledAlgorithms=MD2, MD4, MD5, EC keySize < 160, RSA keySize < 2048, DSA keySize < 2048
Then start up the JVM with that properties file:
java -Djava.security.properties=jvm.security.properties

JDBC Could not establish SSL connection (Domino Java Agent FP 9) to SQL Server

I have a Java Agent running on a Domino Server. It was running fine on version Domino 9.0.1 FP7. The MS Windows server is 2003. Waiting on SQL server version.
Now we upgraded the Domino Server to 9.0.1 FP9. The JVM went from 1.6 to 1.8.
I am assuming this Exception error is caused by the JVM or Java Policy because I upgraded the JDBC driver from 4.2 to 6.2.2 trying to fix this with no success (same error).
Connection String Original (JDBC Driver ...jvm/lib/ext/mssql-jdbc-6.2.2.jre8.jar)
String driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver";
String url = "jdbc:sqlserver://SERVER";
Connection String Same Result (JDBC Driver ...jvm/lib/ext/mssql-jdbc-6.2.2.jre8.jar) - added encrypt=false.
String driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver";
String url = "jdbc:sqlserver://SERVER:1433;encrypt=false;";
The Exception
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:e8a3a2c4-d9a9-4f82-a63f-967cae0c29f0".
at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:2435)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1816)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2022)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:1687)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:1528)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:866)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:569)
at java.sql.DriverManager.getConnection(DriverManager.java:675)
at java.sql.DriverManager.getConnection(DriverManager.java:258)
at OrderTrackOrders.NotesMain(Unknown Source)
at lotus.domino.AgentBase.runNotes(Unknown Source)
at lotus.domino.NotesThread.run(Unknown Source)
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:e8a3a2c4-d9a9-4f82-a63f-967cae0c29f0
at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.ensureSSLPayload(IOBuffer.java:774)
at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.readInternal(IOBuffer.java:830)
at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.read(IOBuffer.java:821)
at com.microsoft.sqlserver.jdbc.TDSChannel$ProxyInputStream.readInternal(IOBuffer.java:1003)
at com.microsoft.sqlserver.jdbc.TDSChannel$ProxyInputStream.read(IOBuffer.java:991)
at com.ibm.jsse2.b.a(b.java:272)
at com.ibm.jsse2.b.a(b.java:148)
at com.ibm.jsse2.at.a(at.java:19)
at com.ibm.jsse2.at.i(at.java:627)
at com.ibm.jsse2.at.a(at.java:689)
at com.ibm.jsse2.at.startHandshake(at.java:432)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1753)
... 10 more
Prior to Domino FeaturePack 9 this agent ran fine on FP6 and FP8.
This is a security issue related to disabled TLS ciphers in the FP9 java.security file when connecting to an MS SQL server running on a Windows 2003 server.
The solution is to make this change in the java.security file 'Domino Program Dir/jvm/lib/security/java.security'
Change these two lines to remove 3DES_EDE_CBC, DESede
From:
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, 3DES_EDE_CBC, DESede, \
EC keySize < 224
To:
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, EC keySize < 224
Feature Pack 9 makes the following changes to the java.security file in the Domino Program directory on the server:
Domino Program Dir/jvm/lib/security/java.security
Change 1
Prior to FP9:
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
Updated in FP9:
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024, EC keySize < 224
Change 2
Prior to FP9: jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
Updated in FP9: jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
Change 3
Prior to FP9: jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
Updated in FP9:
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, 3DES_EDE_CBC, DESede, \
EC keySize < 224
Change 4 (the following entries are NEW in FP9)
jdk.xml.dsig.secureValidationPolicy=\
disallowAlg http://www.w3.org/TR/1999/REC-xslt-19991116,\
disallowAlg http://www.w3.org/2001/04/xmldsig-more#rsa-md5,\
disallowAlg http://www.w3.org/2001/04/xmldsig-more#hmac-md5,\
disallowAlg http://www.w3.org/2001/04/xmldsig-more#md5,\
maxTransforms 5,\
maxReferences 30,\
disallowReferenceUriSchemes file http https,\
minKeySize RSA 1024,\
minKeySize DSA 1024,\
noDuplicateIds,\
noRetrievalMethodLoops
sun.rmi.registry.registryFilter=javax.rmi.CORBA.Stub
Check out java.security and try commenting out the disabled ciphers (I cannot get the exact property now; search for SSL), or see this: https://blogs.msdn.microsoft.com/dataaccesstechnologies/2016/11/30/intermittent-jdbc-connectivity-issue-the-driver-could-not-establish-a-secure-connection-to-sql-server-by-using-secure-sockets-layer-ssl-encryption-error-sql-server-returned-an-incomplete-respons/
The real solution would be to test port 1433 with openssl and check what encryption settings should be used.

Which provider is responsible for AES/CTR/NoPadding?

Information about my implementation
The code snippet below highlights my current implementation of a crypto object, using both the AES cipher and CTR mode of operation.
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public abstract class Crypto {
    private static final String CIPHER_ALGORITHM = "AES/CTR/NoPadding";
    // Base64-encoded 128-bit AES key, hard-coded as in the original snippet
    private String AesKeyString = "ByWelFHCgFqivFZrWs89LQ==";
    // Key field used by setKey() and execute(); its declaration was missing from the snippet
    private SecretKey aesKey;

    private void setKey() throws NoSuchAlgorithmException {
        byte[] keyBytes = Base64.getDecoder().decode(AesKeyString);
        aesKey = new SecretKeySpec(keyBytes, "AES");
    }

    // mode is Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE; iv must be 16 bytes for AES/CTR
    protected byte[] execute(int mode, byte[] target, byte[] iv) throws Exception {
        Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
        IvParameterSpec ivSpec = new IvParameterSpec(iv);
        cipher.init(mode, aesKey, ivSpec);
        return cipher.doFinal(target);
    }
}
As far as I'm concerned, the getInstance() method returns a Cipher object that implements the requested transformation, from the first Provider that supports this transformation.
Following is a list containing all of my available providers:
SUN
Alg.Alias.Signature.SHA1/DSA SHA1withDSA
Alg.Alias.Signature.1.2.840.10040.4.3 SHA1withDSA
Alg.Alias.Signature.DSS SHA1withDSA
SecureRandom.SHA1PRNG ImplementedIn Software
KeyStore.JKS sun.security.provider.JavaKeyStore$DualFormatJKS
Alg.Alias.MessageDigest.SHA-1 SHA
MessageDigest.SHA sun.security.provider.SHA
KeyStore.CaseExactJKS sun.security.provider.JavaKeyStore$CaseExactJKS
CertStore.com.sun.security.IndexedCollection ImplementedIn Software
Signature.SHA256withDSA sun.security.provider.DSA$SHA256withDSA
Alg.Alias.MessageDigest.OID.1.3.14.3.2.26 SHA
Alg.Alias.Signature.DSA SHA1withDSA
KeyFactory.DSA ImplementedIn Software
KeyStore.JKS ImplementedIn Software
AlgorithmParameters.DSA ImplementedIn Software
Signature.NONEwithDSA sun.security.provider.DSA$RawDSA
Alg.Alias.CertificateFactory.X509 X.509
Signature.SHA256withDSA SupportedKeyClasses java.security.interfaces.DSAPublicKey|java.security.interfaces.DSAPrivateKey
CertStore.com.sun.security.IndexedCollection sun.security.provider.certpath.IndexedCollectionCertStore
Provider.id className sun.security.provider.Sun
Alg.Alias.MessageDigest.1.3.14.3.2.26 SHA
Alg.Alias.Signature.SHA-1/DSA SHA1withDSA
KeyStore.DKS sun.security.provider.DomainKeyStore$DKS
Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2 SHA256withDSA
CertificateFactory.X.509 ImplementedIn Software
Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1 SHA224withDSA
Signature.SHA1withDSA KeySize 1024
Signature.NONEwithDSA KeySize 1024
KeyFactory.DSA sun.security.provider.DSAKeyFactory
CertPathValidator.PKIX ImplementedIn Software
Configuration.JavaLoginConfig sun.security.provider.ConfigFile$Spi
Alg.Alias.Signature.OID.1.2.840.10040.4.3 SHA1withDSA
Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4 SHA-224
Alg.Alias.KeyFactory.1.2.840.10040.4.1 DSA
MessageDigest.MD5 ImplementedIn Software
Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3 SHA-512
Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2 SHA-384
Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1 SHA-256
Alg.Alias.Signature.RawDSA NONEwithDSA
Provider.id name SUN
Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1 DSA
CertPathBuilder.PKIX ValidationAlgorithm RFC3280
Policy.JavaPolicy sun.security.provider.PolicySpiFile
Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1 DSA
Signature.SHA224withDSA KeySize 2048
Alg.Alias.AlgorithmParameters.1.3.14.3.2.12 DSA
Alg.Alias.Signature.SHA/DSA SHA1withDSA
Alg.Alias.KeyPairGenerator.1.3.14.3.2.12 DSA
MessageDigest.SHA-384 sun.security.provider.SHA5$SHA384
MessageDigest.SHA-224 sun.security.provider.SHA2$SHA224
Signature.SHA1withDSA ImplementedIn Software
AlgorithmParameterGenerator.DSA sun.security.provider.DSAParameterGenerator
Signature.NONEwithDSA SupportedKeyClasses java.security.interfaces.DSAPublicKey|java.security.interfaces.DSAPrivateKey
MessageDigest.SHA-512 sun.security.provider.SHA5$SHA512
Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1 DSA
CertPathBuilder.PKIX sun.security.provider.certpath.SunCertPathBuilder
Alg.Alias.Signature.1.3.14.3.2.27 SHA1withDSA
Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4 SHA-224
CertPathBuilder.PKIX ImplementedIn Software
Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3 SHA-512
Provider.id version 1.8
Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2 SHA-384
Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1 SHA-256
Signature.SHA256withDSA KeySize 2048
AlgorithmParameters.DSA sun.security.provider.DSAParameters
Signature.SHA1withDSA SupportedKeyClasses java.security.interfaces.DSAPublicKey|java.security.interfaces.DSAPrivateKey
CertStore.Collection sun.security.provider.certpath.CollectionCertStore
AlgorithmParameterGenerator.DSA ImplementedIn Software
KeyPairGenerator.DSA KeySize 2048
CertStore.LDAP sun.security.provider.certpath.ldap.LDAPCertStore
Alg.Alias.Signature.2.16.840.1.101.3.4.3.2 SHA256withDSA
CertificateFactory.X.509 sun.security.provider.X509Factory
Alg.Alias.Signature.2.16.840.1.101.3.4.3.1 SHA224withDSA
CertStore.LDAP LDAPSchema RFC2587
KeyPairGenerator.DSA ImplementedIn Software
CertStore.LDAP ImplementedIn Software
CertPathValidator.PKIX ValidationAlgorithm RFC3280
Signature.SHA224withDSA sun.security.provider.DSA$SHA224withDSA
CertStore.Collection ImplementedIn Software
Alg.Alias.Signature.1.3.14.3.2.13 SHA1withDSA
CertPathValidator.PKIX sun.security.provider.certpath.PKIXCertPathValidator
Alg.Alias.MessageDigest.SHA1 SHA
AlgorithmParameterGenerator.DSA KeySize 2048
SecureRandom.SHA1PRNG sun.security.provider.SecureRandom
Signature.SHA1withDSA sun.security.provider.DSA$SHA1withDSA
Alg.Alias.KeyFactory.1.3.14.3.2.12 DSA
KeyPairGenerator.DSA sun.security.provider.DSAKeyPairGenerator
MessageDigest.SHA ImplementedIn Software
Provider.id info SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS & DKS keystores; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)
Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1 DSA
MessageDigest.SHA-256 sun.security.provider.SHA2$SHA256
Alg.Alias.Signature.DSAWithSHA1 SHA1withDSA
MessageDigest.MD5 sun.security.provider.MD5
Alg.Alias.Signature.SHAwithDSA SHA1withDSA
Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1 DSA
Signature.SHA224withDSA SupportedKeyClasses java.security.interfaces.DSAPublicKey|java.security.interfaces.DSAPrivateKey
MessageDigest.MD2 sun.security.provider.MD2
SunRsaSign
Signature.SHA224withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
Alg.Alias.Signature.OID.1.2.840.113549.1.1.2 MD2withRSA
Provider.id name SunRsaSign
Signature.SHA224withRSA sun.security.rsa.RSASignature$SHA224withRSA
Signature.SHA512withRSA sun.security.rsa.RSASignature$SHA512withRSA
Signature.MD5withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
Signature.MD2withRSA sun.security.rsa.RSASignature$MD2withRSA
Signature.MD2withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1 RSA
Provider.id version 1.8
KeyFactory.RSA sun.security.rsa.RSAKeyFactory
Signature.SHA512withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
Signature.MD5withRSA sun.security.rsa.RSASignature$MD5withRSA
Signature.SHA256withRSA sun.security.rsa.RSASignature$SHA256withRSA
Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1 RSA
Signature.SHA1withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
Alg.Alias.Signature.OID.1.2.840.113549.1.1.14 SHA224withRSA
Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1 RSA
Alg.Alias.Signature.OID.1.2.840.113549.1.1.13 SHA512withRSA
Signature.SHA256withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
Alg.Alias.Signature.OID.1.2.840.113549.1.1.12 SHA384withRSA
Alg.Alias.Signature.OID.1.2.840.113549.1.1.11 SHA256withRSA
Provider.id info Sun RSA signature provider
Signature.SHA1withRSA sun.security.rsa.RSASignature$SHA1withRSA
Signature.SHA384withRSA sun.security.rsa.RSASignature$SHA384withRSA
Alg.Alias.Signature.1.3.14.3.2.29 SHA1withRSA
Alg.Alias.Signature.1.2.840.113549.1.1.14 SHA224withRSA
Alg.Alias.Signature.1.2.840.113549.1.1.13 SHA512withRSA
Alg.Alias.Signature.1.2.840.113549.1.1.5 SHA1withRSA
Alg.Alias.Signature.1.2.840.113549.1.1.12 SHA384withRSA
Provider.id className sun.security.rsa.SunRsaSign
Alg.Alias.Signature.1.2.840.113549.1.1.4 MD5withRSA
Alg.Alias.Signature.1.2.840.113549.1.1.11 SHA256withRSA
Alg.Alias.KeyFactory.1.2.840.113549.1.1 RSA
KeyPairGenerator.RSA sun.security.rsa.RSAKeyPairGenerator
Alg.Alias.Signature.1.2.840.113549.1.1.2 MD2withRSA
Signature.SHA384withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
Alg.Alias.Signature.OID.1.2.840.113549.1.1.5 SHA1withRSA
Alg.Alias.Signature.OID.1.2.840.113549.1.1.4 MD5withRSA
SunEC
AlgorithmParameters.EC sun.security.ec.ECParameters
KeyAgreement.ECDH SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
Signature.SHA256withECDSA ImplementedIn Software
Provider.id name SunEC
Signature.NONEwithECDSA SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
Signature.SHA224withECDSA ImplementedIn Software
Signature.SHA1withECDSA sun.security.ec.ECDSASignature$SHA1
Alg.Alias.Signature.OID.1.2.840.10045.4.1 SHA1withECDSA
Signature.SHA256withECDSA SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
Signature.SHA224withECDSA SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
KeyPairGenerator.EC KeySize 256
KeyFactory.EC ImplementedIn Software
Provider.id version 1.8
AlgorithmParameters.EC KeySize 256
Signature.NONEwithECDSA sun.security.ec.ECDSASignature$Raw
Signature.SHA512withECDSA ImplementedIn Software
Alg.Alias.KeyFactory.EllipticCurve EC
Signature.SHA256withECDSA sun.security.ec.ECDSASignature$SHA256
Alg.Alias.KeyPairGenerator.EllipticCurve EC
Signature.SHA512withECDSA sun.security.ec.ECDSASignature$SHA512
Signature.SHA1withECDSA KeySize 256
Signature.SHA1withECDSA SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
Signature.SHA384withECDSA SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
Alg.Alias.AlgorithmParameters.EllipticCurve EC
Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1 EC
Alg.Alias.Signature.1.2.840.10045.4.1 SHA1withECDSA
Signature.SHA224withECDSA sun.security.ec.ECDSASignature$SHA224
Signature.SHA384withECDSA ImplementedIn Software
AlgorithmParameters.EC ImplementedIn Software
Provider.id info Sun Elliptic Curve provider (EC, ECDSA, ECDH)
Signature.SHA512withECDSA SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
KeyPairGenerator.EC sun.security.ec.ECKeyPairGenerator
Alg.Alias.Signature.OID.1.2.840.10045.4.3.4 SHA512withECDSA
Alg.Alias.Signature.OID.1.2.840.10045.4.3.3 SHA384withECDSA
Alg.Alias.Signature.OID.1.2.840.10045.4.3.2 SHA256withECDSA
KeyAgreement.ECDH sun.security.ec.ECDHKeyAgreement
Alg.Alias.Signature.OID.1.2.840.10045.4.3.1 SHA224withECDSA
Alg.Alias.Signature.1.2.840.10045.4.3.4 SHA512withECDSA
Alg.Alias.Signature.1.2.840.10045.4.3.3 SHA384withECDSA
Signature.SHA384withECDSA sun.security.ec.ECDSASignature$SHA384
Alg.Alias.Signature.1.2.840.10045.4.3.2 SHA256withECDSA
Alg.Alias.Signature.1.2.840.10045.4.3.1 SHA224withECDSA
AlgorithmParameters.EC SupportedCurves [secp112r1,1.3.132.0.6]|[secp112r2,1.3.132.0.7]|[secp128r1,1.3.132.0.28]|[secp128r2,1.3.132.0.29]|[secp160k1,1.3.132.0.9]|[secp160r1,1.3.132.0.8]|[secp160r2,1.3.132.0.30]|[secp192k1,1.3.132.0.31]|[secp192r1,NIST P-192,X9.62 prime192v1,1.2.840.10045.3.1.1]|[secp224k1,1.3.132.0.32]|[secp224r1,NIST P-224,1.3.132.0.33]|[secp256k1,1.3.132.0.10]|[secp256r1,NIST P-256,X9.62 prime256v1,1.2.840.10045.3.1.7]|[secp384r1,NIST P-384,1.3.132.0.34]|[secp521r1,NIST P-521,1.3.132.0.35]|[X9.62 prime192v2,1.2.840.10045.3.1.2]|[X9.62 prime192v3,1.2.840.10045.3.1.3]|[X9.62 prime239v1,1.2.840.10045.3.1.4]|[X9.62 prime239v2,1.2.840.10045.3.1.5]|[X9.62 prime239v3,1.2.840.10045.3.1.6]|[sect113r1,1.3.132.0.4]|[sect113r2,1.3.132.0.5]|[sect131r1,1.3.132.0.22]|[sect131r2,1.3.132.0.23]|[sect163k1,NIST K-163,1.3.132.0.1]|[sect163r1,1.3.132.0.2]|[sect163r2,NIST B-163,1.3.132.0.15]|[sect193r1,1.3.132.0.24]|[sect193r2,1.3.132.0.25]|[sect233k1,NIST K-233,1.3.132.0.26]|[sect233r1,NIST B-233,1.3.132.0.27]|[sect239k1,1.3.132.0.3]|[sect283k1,NIST K-283,1.3.132.0.16]|[sect283r1,NIST B-283,1.3.132.0.17]|[sect409k1,NIST K-409,1.3.132.0.36]|[sect409r1,NIST B-409,1.3.132.0.37]|[sect571k1,NIST K-571,1.3.132.0.38]|[sect571r1,NIST B-571,1.3.132.0.39]|[X9.62 c2tnb191v1,1.2.840.10045.3.0.5]|[X9.62 c2tnb191v2,1.2.840.10045.3.0.6]|[X9.62 c2tnb191v3,1.2.840.10045.3.0.7]|[X9.62 c2tnb239v1,1.2.840.10045.3.0.11]|[X9.62 c2tnb239v2,1.2.840.10045.3.0.12]|[X9.62 c2tnb239v3,1.2.840.10045.3.0.13]|[X9.62 c2tnb359v1,1.2.840.10045.3.0.18]|[X9.62 c2tnb431r1,1.2.840.10045.3.0.20]|[brainpoolP160r1,1.3.36.3.3.2.8.1.1.1]|[brainpoolP192r1,1.3.36.3.3.2.8.1.1.3]|[brainpoolP224r1,1.3.36.3.3.2.8.1.1.5]|[brainpoolP256r1,1.3.36.3.3.2.8.1.1.7]|[brainpoolP320r1,1.3.36.3.3.2.8.1.1.9]|[brainpoolP384r1,1.3.36.3.3.2.8.1.1.11]|[brainpoolP512r1,1.3.36.3.3.2.8.1.1.13]
Provider.id className sun.security.ec.SunEC
Signature.NONEwithECDSA ImplementedIn Software
Signature.SHA1withECDSA ImplementedIn Software
KeyPairGenerator.EC ImplementedIn Software
KeyFactory.EC sun.security.ec.ECKeyFactory
KeyAgreement.ECDH ImplementedIn Software
SunJSSE
Signature.MD5andSHA1withRSA sun.security.ssl.RSASignature
Alg.Alias.Signature.OID.1.2.840.113549.1.1.2 MD2withRSA
Alg.Alias.KeyManagerFactory.PKIX NewSunX509
Provider.id name SunJSSE
KeyManagerFactory.NewSunX509 sun.security.ssl.KeyManagerFactoryImpl$X509
Alg.Alias.Signature.OID.1.3.14.3.2.29 SHA1withRSA
Signature.MD2withRSA sun.security.rsa.RSASignature$MD2withRSA
Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1 RSA
Provider.id version 1.8
KeyManagerFactory.SunX509 sun.security.ssl.KeyManagerFactoryImpl$SunX509
KeyFactory.RSA sun.security.rsa.RSAKeyFactory
TrustManagerFactory.SunX509 sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory
Alg.Alias.TrustManagerFactory.X.509 PKIX
SSLContext.TLSv1.2 sun.security.ssl.SSLContextImpl$TLS12Context
SSLContext.TLSv1.1 sun.security.ssl.SSLContextImpl$TLS11Context
Signature.MD5withRSA sun.security.rsa.RSASignature$MD5withRSA
Alg.Alias.SSLContext.SSLv3 TLSv1
Alg.Alias.SSLContext.SSL TLS
KeyStore.PKCS12 sun.security.pkcs12.PKCS12KeyStore
Alg.Alias.TrustManagerFactory.SunPKIX PKIX
Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1 RSA
SSLContext.Default sun.security.ssl.SSLContextImpl$DefaultSSLContext
Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1 RSA
Provider.id info Sun JSSE provider(PKCS12, SunX509/PKIX key/trust factories, SSLv3/TLSv1/TLSv1.1/TLSv1.2)
Signature.SHA1withRSA sun.security.rsa.RSASignature$SHA1withRSA
TrustManagerFactory.PKIX sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory
SSLContext.TLS sun.security.ssl.SSLContextImpl$TLSContext
SSLContext.TLSv1 sun.security.ssl.SSLContextImpl$TLS10Context
Alg.Alias.Signature.1.3.14.3.2.29 SHA1withRSA
Alg.Alias.Signature.1.2.840.113549.1.1.5 SHA1withRSA
Alg.Alias.TrustManagerFactory.X509 PKIX
Provider.id className com.sun.net.ssl.internal.ssl.Provider
Alg.Alias.Signature.1.2.840.113549.1.1.4 MD5withRSA
Alg.Alias.KeyFactory.1.2.840.113549.1.1 RSA
KeyPairGenerator.RSA sun.security.rsa.RSAKeyPairGenerator
Alg.Alias.Signature.1.2.840.113549.1.1.2 MD2withRSA
Alg.Alias.Signature.OID.1.2.840.113549.1.1.5 SHA1withRSA
Alg.Alias.Signature.OID.1.2.840.113549.1.1.4 MD5withRSA
Even though I don't see any provider supporting the "AES/CTR/NoPadding" algorithm, there is no NoSuchAlgorithmException thrown by the execute() method, thus I suppose this algorithm is supported by one of the previous providers.
Question
Which of the previous providers is being called to get the envisaged cipher object that supports the "AES/CTR/NoPadding" algorithm?
Note
The list of providers was too long to fit into this post; if you need any information about a specific provider not mentioned here, please let me know.
You can just call getProvider() on any Cipher (or MessageDigest, etc.). If you do that for a Cipher using "AES/GCM/NoPadding" you would get the SunJCE provider. You would not get the additional service information, of course.
To get the service information about the AES cipher, try this code:
import java.security.Provider;
import java.security.Provider.Service;
import java.security.Security;

public class AesCtrProviders {
    public static void main(String[] args) {
        Provider[] provs = Security.getProviders();
        for (Provider provider : provs) {
            // each provider registers its AES cipher as a "Cipher" service named "AES"
            Service service = provider.getService("Cipher", "AES");
            if (service == null) {
                continue;
            }
            // SupportedModes is a pipe-separated list such as "ECB|CBC|...|CTR|..."
            String modes = service.getAttribute("SupportedModes");
            if (modes != null && modes.matches("(?i).*CTR.*")) {
                System.out.println(service);
            }
        }
    }
}
which will output:
SunJCE: Cipher.AES -> com.sun.crypto.provider.AESCipher$General
aliases: [Rijndael]
attributes: {SupportedPaddings=NOPADDING|PKCS5PADDING|ISO10126PADDING, SupportedKeyFormats=RAW, SupportedModes=ECB|CBC|PCBC|CTR|CTS|CFB|OFB|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64|GCM|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128}
So there you have it: AES, CTR and NoPadding.
Admittedly, the Service interface of Provider is not that well described so it takes a bit of puzzling to get to this information.
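Generalising the lookup above to any "ALG/MODE/PADDING" transformation, as an added example that is not part of the answer: it matches the SupportedModes and SupportedPaddings attributes token by token rather than by substring, handles providers that register the full transformation as a service name, and also reports which provider the JCA actually picks. The class and method names are mine.

```java
import java.security.Provider;
import java.security.Provider.Service;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;

public class CipherProviderLookup {

    // Case-insensitive exact-token match against a pipe-separated attribute such as
    // "ECB|CBC|PCBC|CTR|CTS|...", so "CTR" is not confused with "CTS" by a substring match.
    private static boolean lists(String attr, String token) {
        return attr != null
                && Arrays.asList(attr.toUpperCase().split("\\|")).contains(token.toUpperCase());
    }

    // Names of all installed providers whose Cipher service advertises the algorithm,
    // mode and padding of a transformation like "AES/CTR/NoPadding", in provider order.
    public static List<String> providersFor(String transformation) {
        String[] parts = transformation.split("/");
        if (parts.length != 3) {
            throw new IllegalArgumentException("expected ALG/MODE/PADDING, got " + transformation);
        }
        List<String> out = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            // some providers register the full transformation as its own service name
            if (p.getService("Cipher", transformation) != null) {
                out.add(p.getName());
                continue;
            }
            // otherwise the base algorithm carries SupportedModes / SupportedPaddings attributes
            Service svc = p.getService("Cipher", parts[0]);
            if (svc != null
                    && lists(svc.getAttribute("SupportedModes"), parts[1])
                    && lists(svc.getAttribute("SupportedPaddings"), parts[2])) {
                out.add(p.getName());
            }
        }
        return out;
    }

    // The provider the JCA actually selects for the transformation: the first match in
    // provider order, which is exactly what getProvider() on the Cipher reports.
    public static String selectedProvider(String transformation) throws Exception {
        return Cipher.getInstance(transformation).getProvider().getName();
    }

    public static void main(String[] args) throws Exception {
        String t = args.length > 0 ? args[0] : "AES/CTR/NoPadding";
        System.out.println("advertised by: " + providersFor(t));
        System.out.println("selected:      " + selectedProvider(t));
    }
}
```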

SSL connection failing with no Certificate Request from the server, connecting to Nginx on AWS from a local Websphere AS running on Java 6

I'm having a hard time connecting to a service with client authentication. The service ("SecureService") is on AWS. The clients are on a Linux VM on my Mac. Nginx on SecureService enforces Client Authentication on the resource I'm accessing on port 443. I can get a successful response connecting from the same VM to the same SecureService, using a proof of concept Java standalone application (openjdk 1.8.0_60) or other clients (wget, openssl), but not from the same Java code hosted on Websphere AS (admittedly relying on older libraries and IBM J9 VM, build 2.6, JRE 1.6.0). When remapping the SecureService hostname to 127.0.0.1 in /etc/hosts, though, that same java code on Websphere AS connects successfully to a local openSSL server requiring client authentication from the same Certification Authority. The response from SecureServer in the failing connection reports "400 No required SSL certificate was sent"... "400 Bad Request", but tcpdump packet captures show it's NOT sending a Certificate Request, whereas it is in all the other cases. This is puzzling and leads me to think there is something in the ClientHello message that the server doesn't like, though ClientHello messages in successful and failing connections are very similar.
A quite odd detail is also that tcpdump never captures the first TCP SYN packet from my client to the server in the failing communication, while it captures the rest (SYN + ACK from the server, then ACK from the client) and all the packets (SYN, SYN + ACK, ACK) on all other communications.
All communications use TLSv1.2 in all their parts.
Failing connection:
(client <--> server)
<-- SYN, ACK
--> ACK
--> Client Hello
<-- ACK
<-- Server Hello, Certificate, Server Hello Done
--> ACK
--> Client Key Exchange
<-- ACK
--> Change Cipher Spec
<-- ACK
--> Encrypted Handshake Message
<-- ACK
<-- Change Cipher Spec, Encrypted Handshake Message
--> Application Data
...
Successful connection from proof of concept Java app:
(client <--> server)
--> SYN
<-- SYN, ACK
--> ACK
--> Client Hello
<-- ACK
<-- Server Hello
<-- Certificate
<-- Certificate Request, Server Hello Done
--> ACK
--> ACK
--> [TCP segment of a reassembled PDU]
--> Certificate, Client Key Exchange
<-- ACK
--> Certificate Verify
--> Change Cipher Spec
--> Hello Request, Hello Request
<-- ACK
<-- Change Cipher Spec, Encrypted Handshake Message
--> Application Data
...
Successful connection from Websphere AS to local openSSL:
(client <--> server)
--> SYN
<-- SYN, ACK
--> ACK
--> Client Hello
<-- ACK
<-- Server Hello, Certificate, Certificate Request, Server Hello Done
--> ACK
--> Certificate, Client Key Exchange
<-- ACK
--> Certificate Verify
--> Change Cipher Spec
--> Encrypted Handshake Message
<-- ACK
<-- Change Cipher Spec, Encrypted Handshake Message
--> Application Data
...
Failing Client Hello:
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 271
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 267
Version: TLS 1.2 (0x0303)
Random
GMT Unix Time: Feb 25, 2016 13:29:15.000000000 GMT
Random Bytes: 2ca99e72b66289fcd3f11bf2dc3ef464709b197e6dd6cdd5...
Session ID Length: 32
Session ID: 28eef056a41440e760eaa9e3358a9cd56d8823fa130e9100...
Cipher Suites Length: 128
Cipher Suites (64 suites)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0xfeff)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066)
Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0xfeff)
Cipher Suite: SSL_RSA_FIPS_WITH_DES_CBC_SHA (0xfefe)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_RSA_WITH_NULL_MD5 (0x0001)
Cipher Suite: TLS_RSA_WITH_NULL_SHA (0x0002)
Cipher Suite: TLS_RSA_WITH_NULL_SHA256 (0x003b)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 66
Extension: elliptic_curves
Type: elliptic_curves (0x000a)
Length: 24
Elliptic Curves Length: 22
Elliptic curves (11 curves)
Elliptic curve: secp256r1 (0x0017)
Elliptic curve: secp192r1 (0x0013)
Elliptic curve: secp224r1 (0x0015)
Elliptic curve: secp384r1 (0x0018)
Elliptic curve: secp521r1 (0x0019)
Elliptic curve: secp160k1 (0x000f)
Elliptic curve: secp160r1 (0x0010)
Elliptic curve: secp160r2 (0x0011)
Elliptic curve: secp192k1 (0x0012)
Elliptic curve: secp224k1 (0x0014)
Elliptic curve: secp256k1 (0x0016)
Extension: ec_point_formats
Type: ec_point_formats (0x000b)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
EC point format: uncompressed (0)
Extension: signature_algorithms
Type: signature_algorithms (0x000d)
Length: 28
Signature Hash Algorithms Length: 26
Signature Hash Algorithms (13 algorithms)
Signature Hash Algorithm: 0x0603
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0601
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0503
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0501
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0403
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0401
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0303
Signature Hash Algorithm Hash: SHA224 (3)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0301
Signature Hash Algorithm Hash: SHA224 (3)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0203
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0201
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0402
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: DSA (2)
Signature Hash Algorithm: 0x0202
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: DSA (2)
Signature Hash Algorithm: 0x0101
Signature Hash Algorithm Hash: MD5 (1)
Signature Hash Algorithm Signature: RSA (1)
Successful Client Hello from proof of concept to SecureServer:
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 235
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 231
Version: TLS 1.2 (0x0303)
Random
GMT Unix Time: Feb 24, 2016 17:20:21.000000000 GMT
Random Bytes: fbb67137e8cde6609cb570685f6c9b5a62eefbc12973b545...
Session ID Length: 0
Cipher Suites Length: 58
Cipher Suites (29 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 132
Extension: elliptic_curves
Type: elliptic_curves (0x000a)
Length: 52
Elliptic Curves Length: 50
Elliptic curves (25 curves)
Elliptic curve: secp256r1 (0x0017)
Elliptic curve: sect163k1 (0x0001)
Elliptic curve: sect163r2 (0x0003)
Elliptic curve: secp192r1 (0x0013)
Elliptic curve: secp224r1 (0x0015)
Elliptic curve: sect233k1 (0x0006)
Elliptic curve: sect233r1 (0x0007)
Elliptic curve: sect283k1 (0x0009)
Elliptic curve: sect283r1 (0x000a)
Elliptic curve: secp384r1 (0x0018)
Elliptic curve: sect409k1 (0x000b)
Elliptic curve: sect409r1 (0x000c)
Elliptic curve: secp521r1 (0x0019)
Elliptic curve: sect571k1 (0x000d)
Elliptic curve: sect571r1 (0x000e)
Elliptic curve: secp160k1 (0x000f)
Elliptic curve: secp160r1 (0x0010)
Elliptic curve: secp160r2 (0x0011)
Elliptic curve: sect163r1 (0x0002)
Elliptic curve: secp192k1 (0x0012)
Elliptic curve: sect193r1 (0x0004)
Elliptic curve: sect193r2 (0x0005)
Elliptic curve: secp224k1 (0x0014)
Elliptic curve: sect239k1 (0x0008)
Elliptic curve: secp256k1 (0x0016)
Extension: ec_point_formats
Type: ec_point_formats (0x000b)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
EC point format: uncompressed (0)
Extension: signature_algorithms
Type: signature_algorithms (0x000d)
Length: 26
Signature Hash Algorithms Length: 24
Signature Hash Algorithms (12 algorithms)
Signature Hash Algorithm: 0x0603
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0601
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0503
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0501
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0403
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0401
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0303
Signature Hash Algorithm Hash: SHA224 (3)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0301
Signature Hash Algorithm Hash: SHA224 (3)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0203
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0201
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0202
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: DSA (2)
Signature Hash Algorithm: 0x0101
Signature Hash Algorithm Hash: MD5 (1)
Signature Hash Algorithm Signature: RSA (1)
Extension: server_name
Type: server_name (0x0000)
Length: 36
Server Name Indication extension
Server Name list length: 34
Server Name Type: host_name (0)
Server Name length: 31
Server Name: (OMITTED FOR SECURITY REASONS - IT CORRESPONDS TO THE DESTINATION HOSTNAME)
Tcpdump command line:
sudo tcpdump -s 0 -n "port 443" -w /Repo/security/capture.cap -i any
Has anyone got any idea what could be going wrong? I don't have administration rights or even an account to log in on the server, at the moment.
SOLVED - I have found that the Nginx server requires a "server_name" extension to be specified in the Client Hello. In fact the following openssl command prompts the server to issue a Certificate Request...
/usr/local/Cellar/openssl/1.0.2e/bin/openssl s_client -cert client_identity.crt -key client_identity.key -connect SecureServerHostName:443 -debug <post_request.txt -tls1_2 -servername SecureServerHostName
...while omitting the "-servername" option doesn't.
How I will force WebsphereAS to add that extension is another pair of shoes. Perhaps upgrading the version of Java will help, by updating the implementation of the TLS protocol.
Update: Yes, upgrading the IBM JDK from 1.6 to 1.7.1 worked, generating Client Hello messages with Server Name Indication, as mentioned here (By default Java SE 7 enables Server Name Indication (SNI).).
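To make the difference between the two captures above concrete, here is an added example (not code from the question, Websphere or Nginx) that builds a constructed single-record TLS 1.2 ClientHello with and without the server_name extension and parses it back, reporting the offered suite codes and the SNI host. The class name and the hostname "secure.example" are placeholders of mine.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class ClientHelloSniCheck {

    public static final class Summary {
        public final List<Integer> cipherSuites = new ArrayList<>();
        public String serverName;                       // null: no server_name extension sent
        public boolean hasSni() { return serverName != null; }
    }

    private static void u16(ByteArrayOutputStream o, int v) { o.write(v >> 8); o.write(v & 0xff); }

    // Constructed sample ClientHello in one TLS 1.2 record: all-zero random (sample only),
    // empty session id, the given suites, null compression, optional server_name extension.
    public static byte[] build(int[] suites, String sni) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        u16(body, 0x0303);                              // client_version
        body.write(new byte[32], 0, 32);                // random
        body.write(0);                                  // session_id length
        u16(body, suites.length * 2);
        for (int s : suites) u16(body, s);
        body.write(1); body.write(0);                   // compression_methods: null
        if (sni != null) {
            byte[] host = sni.getBytes(StandardCharsets.US_ASCII);
            u16(body, host.length + 9);                 // extensions length
            u16(body, 0x0000);                          // extension type: server_name
            u16(body, host.length + 5);                 // extension data length
            u16(body, host.length + 3);                 // server_name_list length
            body.write(0);                              // name_type: host_name
            u16(body, host.length);
            body.write(host, 0, host.length);
        }
        byte[] hs = body.toByteArray();
        ByteArrayOutputStream rec = new ByteArrayOutputStream();
        rec.write(22); u16(rec, 0x0303); u16(rec, hs.length + 4);               // record header
        rec.write(1); rec.write(hs.length >> 16); u16(rec, hs.length & 0xffff); // handshake header
        rec.write(hs, 0, hs.length);
        return rec.toByteArray();
    }

    // Walks one ClientHello record in the same order as the dissections above.
    public static Summary parse(byte[] record) {
        ByteBuffer b = ByteBuffer.wrap(record);
        if ((b.get() & 0xff) != 22) throw new IllegalArgumentException("not a handshake record");
        b.getShort();                                   // record version
        if ((b.getShort() & 0xffff) != b.remaining()) throw new IllegalArgumentException("record length");
        if ((b.get() & 0xff) != 1) throw new IllegalArgumentException("not a ClientHello");
        int hsLen = ((b.get() & 0xff) << 16) | (b.getShort() & 0xffff);
        if (hsLen != b.remaining()) throw new IllegalArgumentException("handshake length");
        b.getShort();                                   // client_version
        b.position(b.position() + 32);                  // random
        b.position(b.position() + (b.get() & 0xff));    // session_id
        Summary s = new Summary();
        int csLen = b.getShort() & 0xffff;
        for (int i = 0; i < csLen; i += 2) s.cipherSuites.add(b.getShort() & 0xffff);
        b.position(b.position() + (b.get() & 0xff));    // compression_methods
        if (!b.hasRemaining()) return s;                // no extensions block at all
        int extLen = b.getShort() & 0xffff, end = b.position() + extLen;
        while (b.position() < end) {
            int type = b.getShort() & 0xffff;
            int len = b.getShort() & 0xffff, next = b.position() + len;
            if (type == 0x0000) {                       // server_name
                b.getShort(); b.get();                  // list length, name_type host_name (0)
                byte[] host = new byte[b.getShort() & 0xffff];
                b.get(host);
                s.serverName = new String(host, StandardCharsets.US_ASCII);
            }
            b.position(next);                           // skip any other extension
        }
        return s;
    }

    public static void main(String[] args) {
        int[] suites = {0xc02f, 0x002f, 0x000a};        // constructed mix from the captures
        for (String sni : new String[] {null, "secure.example"}) {
            Summary s = parse(build(suites, sni));
            System.out.println("suites=" + s.cipherSuites.size() + " sni=" + s.hasSni() + " host=" + s.serverName);
        }
    }
}
```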