
We are enabling 2-way SSL and using ECDSA certificates. Our application uses SSLServerSocket, which is enabled for 2-way SSL:

    sslSocket.setNeedClientAuth(true);

I see the TLS handshake failing every time at the following point (I tested using openssl s_client -connect ..):

    ***READ ClientKeyExchange ECDH
    ***SEND Alert Fatal, Unexpected Message
    ***ENCRYPT: Plaintext (2): [ 0000: 02 0a [.. ] ]
    ***ENCRYPT: Ciphertext (2): [ 0000: 02 0a [.. ] ]

The above is obtained after enabling -Djavax.net.debug=all. The cipher suite agreed is TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.

Any leads on what could be the issue here?

"Alert Fatal, Unexpected Message" is very generic. Can we get a more detailed message than this? The Java security provider used is security.provider.1=com.rsa.jsafe.provider.JsafeJCE

Thanks

DDD
  • can you put full stacktrace and can you put a reproducer to github ? – ozkanpakdil Oct 14 '21 at 16:27
  • @özkanpakdil.. Below is the link.. Please have a look https://github.com/sajid3211/Staceow_-/blob/main/TLS – DDD Nov 08 '21 at 15:39
  • that log does not look like the full picture. what is your SSL configuration, which protocol which algorithm, and what java version, please provide more details, if you are trying to use old sslv3 you may need to https://stackoverflow.com/a/38434933/175554 – ozkanpakdil Nov 08 '21 at 17:37
  • Those are full logs, I have sanitized these, that's it. We don't need to use old sslv3, we intend to use TLSv1.2 – DDD Nov 09 '21 at 15:01
  • openssl s_client -connect server1:1234 -cert /tmp/sk/host_ECDSA.pem -key /tmp/sk/host_ECDSA.key -CAfile /tmp/sk/ECDSA_Server.cer This is the command – DDD Nov 09 '21 at 15:16
