充气城堡和 TLS_RSA_WITH_AES_128_CCM
Bouncy Castle and TLS_RSA_WITH_AES_128_CCM
我的一个测试工具(我只有二进制文件)使用 java 进行 TLS 通信。
由于标准 java 不提供支持,Bouncy Castle 用于使用 CCM 的密码。
配置 Bouncy Castle 后,我的工具适用于大多数 CCM 相关密码(例如:
TLS_DHE_RSA_WITH_AES_128_CCM)。
但是,该工具无法用于 TLS_RSA_WITH_AES_128_CCM 密码套件。
错误跟踪如下:
14:34:15.350 INFO - Start TCP Listener on 0.0.0.0/0.0.0.0:10075 14:34:23.818 INFO - Accept connection Socket[addr=/127.0.0.1,port=53357,localport=10075] 14:34:23.831 DEBUG
- /127.0.0.1:10075<-/127.0.0.1:53357(1): enter state: Sta2 - Transport connection open May 02, 2022 2:34:23 PM org.bouncycastle.jsse.provider.ProvTlsServer notifyAlertRaised INFO: Server raised fatal(2) handshake_failure(40) alert: Failed to read record org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40); No selectable cipher suite
at org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite(Unknown Source)
at org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.generateServerHello(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.handleHandshakeMessage(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.accept(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.handshakeIfNecessary(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect$AppDataInput.read(Unknown Source)
at org.dcm4che3.util.StreamUtils.readAvailable(StreamUtils.java:57)
at org.dcm4che3.util.StreamUtils.readFully(StreamUtils.java:68)
at org.dcm4che3.net.PDUDecoder.readFully(PDUDecoder.java:225)
at org.dcm4che3.net.PDUDecoder.nextPDU(PDUDecoder.java:159)
at org.dcm4che3.net.Association.run(Association.java:571)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
14:34:23.918 INFO - /127.0.0.1:10075<-/127.0.0.1:53357(1): i/o exception: org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40); No selectable cipher suite in State: Sta2 - Transport connection open
任何关于此密码为何失败而 TLS_DHE_RSA_WITH_AES_128_CCM 有效的指针?
提前致谢。
在 BouncyCastle github 论坛的帮助下,我找到了问题的解决方案。
它需要执行 2 个额外的步骤:
- 将 bcpkix-$version.jar 复制到 %JAVA_HOME%\lib\ext 路径
- 更新 ssl.KeyManagerFactory.algorithm=java.security 文件中的 PKIX
我的一个测试工具(我只有二进制文件)使用 java 进行 TLS 通信。 由于标准 java 不提供支持,Bouncy Castle 用于使用 CCM 的密码。 配置 Bouncy Castle 后,我的工具适用于大多数 CCM 相关密码(例如: TLS_DHE_RSA_WITH_AES_128_CCM)。 但是,该工具无法用于 TLS_RSA_WITH_AES_128_CCM 密码套件。
错误跟踪如下:
14:34:15.350 INFO - Start TCP Listener on 0.0.0.0/0.0.0.0:10075 14:34:23.818 INFO - Accept connection Socket[addr=/127.0.0.1,port=53357,localport=10075] 14:34:23.831 DEBUG
- /127.0.0.1:10075<-/127.0.0.1:53357(1): enter state: Sta2 - Transport connection open May 02, 2022 2:34:23 PM org.bouncycastle.jsse.provider.ProvTlsServer notifyAlertRaised INFO: Server raised fatal(2) handshake_failure(40) alert: Failed to read record org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40); No selectable cipher suite
at org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite(Unknown Source)
at org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.generateServerHello(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.handleHandshakeMessage(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.accept(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.handshakeIfNecessary(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect$AppDataInput.read(Unknown Source)
at org.dcm4che3.util.StreamUtils.readAvailable(StreamUtils.java:57)
at org.dcm4che3.util.StreamUtils.readFully(StreamUtils.java:68)
at org.dcm4che3.net.PDUDecoder.readFully(PDUDecoder.java:225)
at org.dcm4che3.net.PDUDecoder.nextPDU(PDUDecoder.java:159)
at org.dcm4che3.net.Association.run(Association.java:571)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
14:34:23.918 INFO - /127.0.0.1:10075<-/127.0.0.1:53357(1): i/o exception: org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40); No selectable cipher suite in State: Sta2 - Transport connection open
任何关于此密码为何失败而 TLS_DHE_RSA_WITH_AES_128_CCM 有效的指针?
提前致谢。
在 BouncyCastle github 论坛的帮助下,我找到了问题的解决方案。 它需要执行 2 个额外的步骤:
- 将 bcpkix-$version.jar 复制到 %JAVA_HOME%\lib\ext 路径
- 更新 ssl.KeyManagerFactory.algorithm=java.security 文件中的 PKIX