Peter,

On 1/2/20 04:24, logo wrote:

> There may be an issue with the provided/available ciphers!
> 
> The connector comes up correctly, is accessible through the browser
> but if I test the ssl setup, I get an error message that the
> key/cert may not be used for "Key agreement"
> 
> See: testssl.sh <tomcat>:8443
> 
> Signature Algorithm          ECDSA with SHA256
> Server key size              EC 256 bits
> Server key usage             Digital Signature, Key Encipherment
>                              Certificate incorrectly used for key agreement
> Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
> 
> I cannot find the reason for that yet, testssl complains if there
> are TLS_ECDH_*-ciphers with the wrong server key usage. The setup
> may be causing troubles in testssl.sh as Tomcat provides ciphers
> that maybe should not be available with ECDSA certs (? _RSA???
> Maybe even ECDH_ECDSA???)?
> 
> Testing 370 ciphers via OpenSSL plus sockets against the server,
> ordered by encryption strength
> 
> Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
> -----------------------------------------------------------------------------------------------------------------------
>  x1302   TLS_AES_256_GCM_SHA384            ECDH 256   AESGCM      256      TLS_AES_256_GCM_SHA384
>  xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 256   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>  xc024   ECDHE-ECDSA-AES256-SHA384         ECDH 256   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>  xc00a   ECDHE-ECDSA-AES256-SHA            ECDH 256   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
>  xc032   ECDH-RSA-AES256-GCM-SHA384        ECDH/RSA   AESGCM      256      TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
>  xc02e   ECDH-ECDSA-AES256-GCM-SHA384      ECDH/ECDSA AESGCM      256      TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
>  xc02a   ECDH-RSA-AES256-SHA384            ECDH/RSA   AES         256      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>  xc026   ECDH-ECDSA-AES256-SHA384          ECDH/ECDSA AES         256      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>  xc00f   ECDH-RSA-AES256-SHA               ECDH/RSA   AES         256      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
>  xc005   ECDH-ECDSA-AES256-SHA             ECDH/ECDSA AES         256      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
>  x1301   TLS_AES_128_GCM_SHA256            ECDH 256   AESGCM      128      TLS_AES_128_GCM_SHA256
>  xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 256   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
>  xc023   ECDHE-ECDSA-AES128-SHA256         ECDH 256   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
>  xc009   ECDHE-ECDSA-AES128-SHA            ECDH 256   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
>  xc031   ECDH-RSA-AES128-GCM-SHA256        ECDH/RSA   AESGCM      128      TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
>  xc02d   ECDH-ECDSA-AES128-GCM-SHA256      ECDH/ECDSA AESGCM      128      TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
>  xc029   ECDH-RSA-AES128-SHA256            ECDH/RSA   AES         128      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
>  xc025   ECDH-ECDSA-AES128-SHA256          ECDH/ECDSA AES         128      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
>  xc00e   ECDH-RSA-AES128-SHA               ECDH/RSA   AES         128      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
>  xc004   ECDH-ECDSA-AES128-SHA             ECDH/ECDSA AES         128      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
> 
> 
> Same cert works on the openssl connector (or an apache httpd) and
> does not show this issue (only ECDHE key exchange and ECDSA
> signature, well openssl does not implement ECDH-ECDSA).
> 
> Testing 370 ciphers via OpenSSL plus sockets against the server,
> ordered by encryption strength
> 
> Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
> -----------------------------------------------------------------------------------------------------------------------
>  x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384
>  x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
>  xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 253   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>  xc024   ECDHE-ECDSA-AES256-SHA384         ECDH 253   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>  xc00a   ECDHE-ECDSA-AES256-SHA            ECDH 253   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
>  xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
>  xc0af   ECDHE-ECDSA-AES256-CCM8           ECDH 253   AESCCM8     256      TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
>  xc0ad   ECDHE-ECDSA-AES256-CCM            ECDH 253   AESCCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_CCM
>  xc073   ECDHE-ECDSA-CAMELLIA256-SHA384    ECDH 253   Camellia    256      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
>  xc05d   ECDHE-ECDSA-ARIA256-GCM-SHA384    ECDH 253   ARIAGCM     256      TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
>  x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256
>  xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 253   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
>  xc023   ECDHE-ECDSA-AES128-SHA256         ECDH 253   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
>  xc009   ECDHE-ECDSA-AES128-SHA            ECDH 253   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
>  xc0ae   ECDHE-ECDSA-AES128-CCM8           ECDH 253   AESCCM8     128      TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
>  xc0ac   ECDHE-ECDSA-AES128-CCM            ECDH 253   AESCCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_CCM
>  xc072   ECDHE-ECDSA-CAMELLIA128-SHA256    ECDH 253   Camellia    128      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
>  xc05c   ECDHE-ECDSA-ARIA128-GCM-SHA256    ECDH 253   ARIAGCM     128      TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
> 
> There is probably more complexity to implementation of ECDSA in
> Tomcat with JSSE?!?

I seem to remember a bug where Tomcat does not check the "usage" of a
key before trying to use it. I couldn't find it in BZ, maybe it was
fixed in some partial way.

What do those lists represent? All the cipher suites tried, or all
that connected successfully?

-chris
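The check discussed in this thread, as an added example that is not part of the original messages and is not testssl.sh's code: it parses cipher-table rows in the format quoted above and flags suites whose key exchange needs a key-usage bit the certificate does not carry. The `REQUIRED_BIT` mapping and the function names are assumptions of this sketch; the sample rows and the key-usage string are copied from the quoted output.

```python
import re

# Key-usage bit each key exchange needs from the server certificate.
# Assumption of this sketch: static ECDH suites use the certificate key for
# key agreement, ECDHE suites only sign with it, static RSA encrypts to it.
REQUIRED_BIT = {
    "ECDH_ECDSA": "Key Agreement",
    "ECDH_RSA": "Key Agreement",
    "ECDHE_ECDSA": "Digital Signature",
    "ECDHE_RSA": "Digital Signature",
    "RSA": "Key Encipherment",
}

# Rows taken from the first cipher list quoted in the mail.
SAMPLE = """\
> Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
>  x1302   TLS_AES_256_GCM_SHA384            ECDH 256   AESGCM      256      TLS_AES_256_GCM_SHA384
>  xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 256   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>  xc032   ECDH-RSA-AES256-GCM-SHA384        ECDH/RSA   AESGCM      256      TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
>  xc02e   ECDH-ECDSA-AES256-GCM-SHA384      ECDH/ECDSA AESGCM      256      TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
>  xc00a   ECDHE-ECDSA-AES256-SHA            ECDH 256   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
"""

def key_exchange(iana_name):
    """Key-exchange part of an IANA suite name; None for TLS 1.3 names."""
    m = re.match(r"TLS_(.+?)_WITH_", iana_name)
    return m.group(1) if m else None

def parse_rows(text):
    """Yield (hexcode, iana_name) for each cipher row; skips headers and rules."""
    for line in text.splitlines():
        fields = line.lstrip("> ").split()
        if len(fields) >= 5 and re.fullmatch(r"x[0-9a-f]{2,6}", fields[0]):
            yield fields[0], fields[-1]

def mismatches(table, key_usage):
    """Return (hexcode, suite, missing_bit) for suites the cert cannot serve."""
    usage = {u.strip() for u in key_usage.split(",")}
    flagged = []
    for hexcode, name in parse_rows(table):
        kx = key_exchange(name)
        # TLS 1.3 suites carry no key exchange in the name; the cert only signs.
        need = "Digital Signature" if kx is None else REQUIRED_BIT.get(kx)
        if need and need not in usage:
            flagged.append((hexcode, name, need))
    return flagged

if __name__ == "__main__":
    for row in mismatches(SAMPLE, "Digital Signature, Key Encipherment"):
        print(*row)
```
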