弹力城堡和TLS_RSA_WITH_AES_128_CCM
我的一种测试工具(我只有二进制),使用Java进行TLS通信。 由于标准Java不提供支持,因此使用CCM的密码使用了弹力城堡。 配置弹性城堡后,我的工具适用于大多数相关密码(例如: tls_dhe_rsa_with_aes_128_ccm)。 但是,该工具失败了TLS_RSA_WITH_AES_128_CCM CIPHER SUITE。
以下是错误跟踪:
14:34:15.350 INFO - Start TCP Listener on 0.0.0.0/0.0.0.0:10075 14:34:23.818 INFO - Accept connection Socket[addr=/127.0.0.1,port=53357,localport=10075] 14:34:23.831 DEBUG
- /127.0.0.1:10075<-/127.0.0.1:53357(1): enter state: Sta2 - Transport connection open May 02, 2022 2:34:23 PM org.bouncycastle.jsse.provider.ProvTlsServer notifyAlertRaised INFO: Server raised fatal(2) handshake_failure(40) alert: Failed to read record org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40); No selectable cipher suite
at org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite(Unknown Source)
at org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.generateServerHello(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.handleHandshakeMessage(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.accept(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.handshakeIfNecessary(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect$AppDataInput.read(Unknown Source)
at org.dcm4che3.util.StreamUtils.readAvailable(StreamUtils.java:57)
at org.dcm4che3.util.StreamUtils.readFully(StreamUtils.java:68)
at org.dcm4che3.net.PDUDecoder.readFully(PDUDecoder.java:225)
at org.dcm4che3.net.PDUDecoder.nextPDU(PDUDecoder.java:159)
at org.dcm4che3.net.Association$2.run(Association.java:571)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
14:34:23.918 INFO - /127.0.0.1:10075<-/127.0.0.1:53357(1): i/o exception: org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40); No selectable cipher suite in State: Sta2 - Transport connection open
为什么要为此密码失败,而TLS_DHE_RSA_WITH_AES_AES_128_CCM可以使用任何指针?
提前致谢。
One of my test tools(I only have the binary), uses java for TLS communication.
Since standard java does not provide support, Bouncy Castle is used for ciphers that use CCM.
After configuring Bouncy Castle, my tool works for majority of CCM related ciphers (Eg:
TLS_DHE_RSA_WITH_AES_128_CCM).
However, the tool fails for TLS_RSA_WITH_AES_128_CCM cipher suite.
Below is the error trace:
14:34:15.350 INFO - Start TCP Listener on 0.0.0.0/0.0.0.0:10075 14:34:23.818 INFO - Accept connection Socket[addr=/127.0.0.1,port=53357,localport=10075] 14:34:23.831 DEBUG
- /127.0.0.1:10075<-/127.0.0.1:53357(1): enter state: Sta2 - Transport connection open May 02, 2022 2:34:23 PM org.bouncycastle.jsse.provider.ProvTlsServer notifyAlertRaised INFO: Server raised fatal(2) handshake_failure(40) alert: Failed to read record org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40); No selectable cipher suite
at org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite(Unknown Source)
at org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.generateServerHello(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.handleHandshakeMessage(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.accept(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.handshakeIfNecessary(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect$AppDataInput.read(Unknown Source)
at org.dcm4che3.util.StreamUtils.readAvailable(StreamUtils.java:57)
at org.dcm4che3.util.StreamUtils.readFully(StreamUtils.java:68)
at org.dcm4che3.net.PDUDecoder.readFully(PDUDecoder.java:225)
at org.dcm4che3.net.PDUDecoder.nextPDU(PDUDecoder.java:159)
at org.dcm4che3.net.Association$2.run(Association.java:571)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
14:34:23.918 INFO - /127.0.0.1:10075<-/127.0.0.1:53357(1): i/o exception: org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40); No selectable cipher suite in State: Sta2 - Transport connection open
Any pointers to why it fails for this cipher whereas TLS_DHE_RSA_WITH_AES_128_CCM works?
Thanks in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在Bouncycastle Github论坛的帮助下,我找到了该问题的解决方案。
它需要执行2个其他步骤:
With help from BouncyCastle github forum, I have found the solution for the issue.
It required 2 additional steps to be performed: