Hi, I'm trying to write a proxy to intercept CoAP connections from an embedded device. I am able to clone the TLS certificates that it thinks it is connecting to, obviously using my own keys (for the TLS server side), and insert the CA cert into the firmware of this device. By this, I mean that an ASN.1 dump of my CA certificate and the "expected" CA certificate show differences only in the actual key values, not any other parameters of the keys or certificates.
However, so far I have been unable to convince netty to negotiate a connection using the only supported algorithm offered by the device, being TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8. When I do, I get handshake errors that the handshaker was unable to establish a common cipher suite.

I have tried using the native JDK 8 options (build 1.8.0_102-b14), as well as tried specifying use of the OpenSSL provider via

    sslContext = SslContextBuilder.forServer(km.getPrivateKey(target),
            km.getCertificateChain(target))
            .sslContextProvider(new BouncyCastleProvider()).build();

I have also tried:

    sslContext = SslContextBuilder.forServer(km.getPrivateKey(target),
            km.getCertificateChain(target))
            .sslProvider(SslProvider.OPENSSL).build();

where km is an X509KeyManager instance that holds the relevant keys.

Any suggestions?

Rogan
