java - Client ECC SSL Certificate contains "unknown named curve"


Question context: I am working in an existing library that uses SSL with the Netty framework on a remote server. I am running into an SSL/TLS handshake error. The error is as follows:

javax.net.ssl.SSLProtocolException: java.io.IOException: unknown named curve: 1.2.840.10045.3.1.1
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1345) ~[na:1.7.0_79]
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519) ~[na:1.7.0_79]
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:799) ~[na:1.7.0_79]
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:767) ~[na:1.7.0_79]
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.7.0_79]
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:982) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:908) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:854) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:249) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:319) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:130) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at java.lang.Thread.run(Thread.java:745) ~[na:1.7.0_79]
Caused by: javax.net.ssl.SSLProtocolException: java.io.IOException: unknown named curve: 1.2.840.10045.3.1.1
    at sun.security.ssl.HandshakeMessage$CertificateMsg.<init>(HandshakeMessage.java:451) ~[na:1.7.0_79]
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:222) ~[na:1.7.0_79]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901) ~[na:1.7.0_79]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:841) ~[na:1.7.0_79]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:839) ~[na:1.7.0_79]
    at java.security.AccessController.doPrivileged(Native Method) ~[na:1.7.0_79]
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1273) ~[na:1.7.0_79]
    at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1015) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:927) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    ... 14 common frames omitted
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: unknown named curve: 1.2.840.10045.3.1.1
    at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:171) ~[na:1.7.0_79]
    at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1781) ~[na:1.7.0_79]
    at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:196) ~[na:1.7.0_79]
    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:97) ~[na:1.7.0_79]
    at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339) ~[na:1.7.0_79]
    at sun.security.ssl.HandshakeMessage$CertificateMsg.<init>(HandshakeMessage.java:449) ~[na:1.7.0_79]
    ... 22 common frames omitted
Caused by: java.io.IOException: unknown named curve: 1.2.840.10045.3.1.1
    at sun.security.ec.ECParameters.decodeParameters(ECParameters.java:197) ~[na:1.7.0_79]
    at sun.security.ec.ECParameters.engineInit(ECParameters.java:319) ~[na:1.7.0_79]
    at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) ~[na:1.7.0_79]
    at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:139) ~[na:1.7.0_79]
    at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114) ~[na:1.7.0_79]
    at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:382) ~[na:1.7.0_79]
    at sun.security.x509.X509Key.parse(X509Key.java:168) ~[na:1.7.0_79]
    at sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75) ~[na:1.7.0_79]
    at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:705) ~[na:1.7.0_79]
    at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169) ~[na:1.7.0_79]
    ... 27 common frames omitted

Now, here is my approach to try solving the issue at hand. The remote server requires client authentication, and the certificate is one that uses elliptic curves (using a client certificate with different public key algorithms and signature algorithms does not cause the error, meaning the client certificate is at fault here). I ran

    openssl x509 -in <client_cert> -text -noout

The client certificate is as follows:

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 3585039615565000225 (0x31c09e8937746e21)
        Signature Algorithm: ecdsa-with-SHA1
            Issuer: <issuer>
            Validity
                Not Before: Dec  1 23:01:26 2014 GMT
                Not After : Nov 26 23:01:26 2034 GMT
            Subject: 1.3.6.1.4.1.41387.1.1=18b43000004c627b
            Subject Public Key Info:
                Public Key Algorithm: id-ecPublicKey
                    Public-Key: (192 bit)
                    pub:
                        04:dc:ca:07:76:de:28:91:b8:94:16:08:12:01:85:
                        24:a5:a5:5e:48:84:aa:2b:f8:3a:fa:87:f1:30:70:
                        f3:7b:01:68:6a:f6:29:56:c7:17:60:71:fe:b7:c0:
                        d1:d5:1c:ad
                    ASN1 OID: prime192v1
                    NIST CURVE: P-192
            X509v3 extensions:
                X509v3 Basic Constraints: critical
                    CA:FALSE
                X509v3 Key Usage: critical
                    Digital Signature, Key Encipherment
                X509v3 Extended Key Usage: critical
                    TLS Web Client Authentication, TLS Web Server Authentication
                X509v3 Subject Key Identifier:
                    <subject key identifier>
                X509v3 Authority Key Identifier:
                    keyid: <key id>
        Signature Algorithm: ecdsa-with-SHA1
             <signature goes here>

This leaves me under the impression that the NIST P-192 curve is not being recognized by the JDK SSL library. The JDK version I am running is 1.7.0_79. I don't know how to proceed with fixing this. Any ideas?

This might be related to an encryption issue, rather than an SSL issue. Have you tried using the unlimited strength jurisdiction policy files?
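
An added diagnostic, not part of the original question or answer: it passes the DER-encoded curve OID from the stack trace through the same AlgorithmParameters.init(byte[]) call that fails at the bottom of the trace, outside any TLS handshake, to show whether the running JRE's EC provider knows the curve. The names CurveProbe, derOid and supports are illustrative, the second OID (prime256v1 / P-256) is included only as a comparison, and the SupportedCurves lookup assumes the SunEC provider is installed.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.Provider;
import java.security.Security;

// Illustrative names throughout; this is not code from the library in the question.
public class CurveProbe {
    // DER-encode a dotted OID as an OBJECT IDENTIFIER (tag 0x06, short-form length).
    static byte[] derOid(String dotted) {
        String[] arcs = dotted.split("\\.");
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        body.write(Integer.parseInt(arcs[0]) * 40 + Integer.parseInt(arcs[1]));
        for (int i = 2; i < arcs.length; i++) {
            long v = Long.parseLong(arcs[i]);
            int groups = 1;                                   // number of base-128 digits
            for (long t = v >>> 7; t != 0; t >>>= 7) groups++;
            for (int g = groups - 1; g >= 0; g--) {
                int b = (int) ((v >>> (7 * g)) & 0x7f);
                body.write(g == 0 ? b : (b | 0x80));          // high bit marks continuation
            }
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(0x06);
        out.write(body.size());
        out.write(body.toByteArray(), 0, body.size());
        return out.toByteArray();
    }
    // True if the default "EC" AlgorithmParameters implementation decodes the named curve.
    static boolean supports(String oid) throws Exception {
        try {
            AlgorithmParameters.getInstance("EC").init(derOid(oid));
            return true;
        } catch (IOException e) {                             // same exception type as in the trace
            return false;
        }
    }
    public static void main(String[] args) throws Exception {
        System.out.println(System.getProperty("java.version") + " / " + System.getProperty("java.vendor"));
        // First OID is the one from the stack trace (prime192v1); second is prime256v1.
        String[] oids = {"1.2.840.10045.3.1.1", "1.2.840.10045.3.1.7"};
        for (String oid : oids) System.out.println(oid + " supported: " + supports(oid));
        // SunEC publishes its curve list as a service attribute; absent on other providers.
        Provider sunEc = Security.getProvider("SunEC");
        Provider.Service svc = sunEc == null ? null : sunEc.getService("AlgorithmParameters", "EC");
        System.out.println("SupportedCurves: " + (svc == null ? "n/a" : svc.getAttribute("SupportedCurves")));
    }
}
```

Run it with the same java binary the server process uses; a false result for the first OID reproduces the parsing failure without involving Netty or the handshake.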

