Re: ECC Key Usage ignored

2020-10-31 Thread Daniel Jeliński
Sure Xuelei. Filed 9067508 for the client issue, and 9067509 for the server one. Thanks! Daniel On Sat, 31 Oct 2020 at 17:23, Xue-Lei Fan wrote: > Hi Daniel, > > Would you mind filing a bug for the tracking? > > Xuelei > > On Oct 31, 2020, at 5:45 AM, Daniel Jeliński wrote: > > Verified that

Re: ECC Key Usage ignored

2020-10-31 Thread Xue-Lei Fan
Hi Daniel, Would you mind filing a bug for the tracking? Xuelei > On Oct 31, 2020, at 5:45 AM, Daniel Jeliński wrote: > > Verified that this behavior is still observed with JDK 16 EA 22. > > Client side code responsible for server certificate validation is located in > EndEntityChecker.checkTL

Re: ECC Key Usage ignored

2020-10-31 Thread Daniel Jeliński
Verified that this behavior is still observed with JDK 16 EA 22. Client side code responsible for server certificate validation is located in EndEntityChecker.checkTLSServer [1]. That code is not executed when the certificate is trusted [2]. I believe this is a bug - I wouldn't choose to accept a

ECC Key Usage ignored

2020-10-27 Thread Daniel Jeliński
Hi all, TL;DR: both SSL server and client ignore KeyUsage certificate extension when determining the list of available cipher suites. They shouldn't; KeyUsage is the only differentiator between ECDH and ECDSA certificates. Long version: I'm experimenting with ECC certificates on my Jetty server;

Re: ECC Key Usage ignored with and ECDH(E) ciphers

2017-05-23 Thread Xuelei Fan
.net *From:* Xuelei Fan *Sent:* Tuesday, May 23, 2017 9:12:10 PM *To:* Bernd; security-dev@openjdk.java.net *Subject:* Re: ECC Key Usage ignored with and ECDH(E) ciphers Hi Bernd, What are the JSSE key/trust managers used for the testing ("SunX509" or "

Re: ECC Key Usage ignored with and ECDH(E) ciphers

2017-05-23 Thread Bernd Eckenfels
From: Xuelei Fan Sent: Tuesday, May 23, 2017 9:12:10 PM To: Bernd; security-dev@openjdk.java.net Subject: Re: ECC Key Usage ignored with and ECDH(E) ciphers Hi Bernd, What are the JSSE key/trust managers used for the testing ("SunX509" or "PKIX")? Thanks &

Re: ECC Key Usage ignored with and ECDH(E) ciphers

2017-05-23 Thread Xuelei Fan
Hi Bernd, What are the JSSE key/trust managers used for the testing ("SunX509" or "PKIX")? Thanks & Regards, Xuelei On 5/23/2017 7:08 AM, Bernd wrote: Hello, according to RFC 4492 the key usage for ECDHE and ECDH ciphers needs to be observed in regards to key agreement: When I use ECDH_ECDS

ECC Key Usage ignored with and ECDH(E) ciphers

2017-05-23 Thread Bernd
Hello, according to RFC 4492 the key usage for ECDHE and ECDH ciphers needs to be observed in regards to key agreement: When I use ECDH_ECDSA ciphers then the server certificate must have the keyAgreement usage. When I use ECDHE_ECDSA ciphers then the server certificate must have "digitalSignature"