Thanks for the quick replies!
Unfortunately I think I'm running into this issue
<http://stackoverflow.com/questions/23906736/create-an-sslcontext-instance-using-a-bouncy-castle-provider>
of Bouncycastle being a JCE provider but not a JCCE provider.
E.g.:
val cipherSuites =
NegotiateNewSession.withCipherSuites("TLS_PSK_WITH_AES_128_CBC_SHA")
val clientTls = SslTls(SSLContext.getInstance("TLS", new
BouncyCastleProvider), cipherSuites, Client)
// will eventually produce (even if I do Security.addProvider(new
BouncyCastleProvider) as Jim suggested
[error] Exception in thread "main" java.security.NoSuchAlgorithmException:
no such algorithm: TLS for provider BC
[error] at sun.security.jca.GetInstance.getService(GetInstance.java:101)
[error] at sun.security.jca.GetInstance.getInstance(GetInstance.java:218)
[error] at javax.net.ssl.SSLContext.getInstance(SSLContext.java:236)
On Monday, November 16, 2015 at 5:45:51 PM UTC-5, Konrad Malawski wrote:
>
> Hi Chris,
> Jim responded quicker than I managed to; thanks! :-)
>
> I'll add a bit more positive hints to the above suggestion,
> it seems that BouncyCastle does implement the cipher you're after:
>
> https://github.com/bcgit/bc-java/blob/dd3d4c4ffe31296e231e9075a26c72b399be3f05/core/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java#L1438
>
>
> Read up more infos here: https://www.bouncycastle.org/
>
> --
> Cheers,
> Konrad 'ktoso’ Malawski
> Akka <http://akka.io> @ Typesafe <http://typesafe.com>
>
> On 16 November 2015 at 23:11:48, Chris Ridmann ([email protected]
> <javascript:>) wrote:
>
> Hello everyone,
>
> I am exploring using akka-streams as a TCP client. Unfortunately my use
> case requires the usage of pre-shared keys as the cipher suite
> (specifically TLS_PSK_WITH_AES_128_CBC_SHA) instead of using certificates.
>
> Looking through the source code and test cases
> <https://github.com/akka/akka/blob/releasing-akka-stream-and-http-experimental-2.0-M1/akka-stream-tests/src/test/scala/akka/stream/io/TlsSpec.scala>,
>
> it appears you guys based your SslTls bidi flows off of JSSE. I am running
> on jdk 8, and it doesn't look like it supports PSK ciphers:
>
> val context = SSLContext.getInstance("TLS")
> context.init(null, null, null)
> context.getDefaultSSLParameters.getCipherSuites.toList.foreach(println)
>
> [info] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> [info] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> [info] TLS_RSA_WITH_AES_128_CBC_SHA256
> [info] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
> [info] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
> [info] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> [info] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> [info] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
> [info] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> [info] TLS_RSA_WITH_AES_128_CBC_SHA
> [info] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
> [info] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
> [info] TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> [info] TLS_DHE_DSS_WITH_AES_128_CBC_SHA
> [info] TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
> [info] TLS_ECDHE_RSA_WITH_RC4_128_SHA
> [info] SSL_RSA_WITH_RC4_128_SHA
> [info] TLS_ECDH_ECDSA_WITH_RC4_128_SHA
> [info] TLS_ECDH_RSA_WITH_RC4_128_SHA
> [info] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> [info] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> [info] TLS_RSA_WITH_AES_128_GCM_SHA256
> [info] TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
> [info] TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
> [info] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
> [info] TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
> [info] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
> [info] TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
> [info] SSL_RSA_WITH_3DES_EDE_CBC_SHA
> [info] TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
> [info] TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
> [info] SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> [info] SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
> [info] SSL_RSA_WITH_RC4_128_MD5
> [info] TLS_EMPTY_RENEGOTIATION_INFO_SCSV
>
>
> val cipherSuites =
> NegotiateNewSession.withCipherSuites("TLS_PSK_WITH_AES_128_CBC_SHA")
> val clientTls = SslTls(context, cipherSuites, Client)
>
> // eventually produces the following error:
>
> Caused by: java.lang.IllegalArgumentException: Unsupported ciphersuite
> TLS_PSK_WITH_AES_128_CBC_SHA
> [info] at sun.security.ssl.CipherSuite.valueOf(CipherSuite.java:237)
> [info] at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:82)
> [info] at
> sun.security.ssl.SSLEngineImpl.setEnabledCipherSuites(SSLEngineImpl.java:2018)
> [info] at
> akka.stream.impl.io.SslTlsCipherActor$$anonfun$applySessionParameters$1.apply(SslTlsCipherActor.scala:156)
>
>
> It doesn't seem like I'd be able to integrate bouncycastle as it is a JCE
> provider instead of JSSE.
>
>
> I'm relatively new to akka-streams and JSSE, so if I'm mistaken with
> anything here please let me know!
>
> Do you guys know how I'd go about implementing this use case using
> akka-streams?
>
> Any help is appreciated - thanks!
> -Chris
>
> --
> >>>>>>>>>> Read the docs: http://akka.io/docs/
> >>>>>>>>>> Check the FAQ:
> http://doc.akka.io/docs/akka/current/additional/faq.html
> >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
> ---
> You received this message because you are subscribed to the Google Groups
> "Akka User List" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected] <javascript:>.
> To post to this group, send email to [email protected]
> <javascript:>.
> Visit this group at http://groups.google.com/group/akka-user.
> For more options, visit https://groups.google.com/d/optout.
>
>
--
>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ:
>>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
---
You received this message because you are subscribed to the Google Groups "Akka
User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.
