
I am trying to add support for the RSASSA-PSS algorithm for the SSL handshake. This algorithm is provided by the SunRsaSign provider, whereas the same algorithm is missing in the SunJSSE provider, which is used as the default provider during the SSL handshake in Java 8u252. I am initialising the SSL context as below:

```
SSLContext ssl = SSLContext.getInstance("TLSv1.2");
```

I want to know how to add this algorithm to SSLContext/SSLSocket, so that certificate verification succeeds.

In the latest Java-8, below are the available algorithms during the SSL handshake. As we can see, the RSASSA-PSS algorithm is missing from the supported algorithm list. Hence, the handshake is failing.

However, the SSL handshake succeeds in Java-11, as we have the RSASSA-PSS algorithm at run-time. Please note that in Java-11, the RSASSA-PSS algorithm is provided by 2 providers, SunJSSE & SunRsaSign.

Sharath K P
  • You can't. Java 8 JSSE implements TLS1.2 (and below, but below 1.2 doesn't have sigalgs). 1.2 sigalgs does not include RSAPSS. Java 11 implements TLS1.3 and below, and 1.3 _does_ add support for RSAPSS, also removing DSA and _modifying_ (restricting) ECDSA which your decode doesn't show. The TLS1.3 spec (RFC8446 #4.2.3) requires a 1.3 implementation that negotiates 1.2 supports RSAPSS, see https://crypto.stackexchange.com/q/79665 , but the 1.3 spec can't change 1.2 implementations. Even if you could offer PSS to a 1.2 implementation it will be ignored as 'unknown'. – dave_thompson_085 May 08 '20 at 13:35
  • Although you could try using a recent _BouncyCastle_ (bctls). The Bouncy version doesn't have to match the Java version; you can run pretty much any Bouncy on any Java back to 7 at least, and I think still 5 (at least if the codesigning CA is still valid). Thus you should be able to use a Bouncy that supports TLS1.3, and RSAPSS, on Java 8. But I haven't tested. – dave_thompson_085 May 08 '20 at 13:54
  • @dave_thompson_085 Thanks for the clear explanation. If I make the Bouncy Castle provider available with the below command, is it sufficient? `Security.addProvider()` – Sharath K P May 08 '20 at 14:37
  • You need to pass a provider _object_ not name to `addProvider` or `insertProviderAt`. And note you want the BCJSSE provider from the bctls jar not (or not only) the 'core' BC provider from the bcprov jar. If you use `addProvider` it's at the end of the list, and to get it you must use a two-arg `SSLContext.getInstance` and explicitly specify BCJSSE. If you instead use `insertProviderAt` to place it _before_ the standard SunJSSE -- or remove SunJSSE -- then you can use single-arg `getInstance`. – dave_thompson_085 May 10 '20 at 13:24
  • Update: **Java 8u261** now implements TLS1.3 (including PSS) _and_ PSS in TLS1.2 as per 8446 4.2.3. – dave_thompson_085 Aug 11 '20 at 03:28
  • Yes @dave_thompson_085, I am using 8u261 to have support for RSASSA algorithms. Big Thanks! – Sharath K P Aug 12 '20 at 05:19
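
The provider registration described in the comments above, as an added example that is not part of the original thread. It assumes the bcprov and bctls jars are on the classpath; the class name `BcJsseSetup` and the `first` command-line argument are made up for illustration, and whether a given handshake then negotiates RSASSA-PSS depends on the Bouncy Castle version in use.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

// Hypothetical class name; illustrates the two registration options from the comments.
public class BcJsseSetup {

    // Option A: append the providers. BCJSSE ends up after SunJSSE in the list,
    // so it has to be requested explicitly with the two-arg getInstance.
    static SSLContext appendAndSelectByName() throws Exception {
        Security.addProvider(new BouncyCastleProvider());      // 'core' BC, bcprov jar
        Security.addProvider(new BouncyCastleJsseProvider());  // BCJSSE, bctls jar
        SSLContext ctx = SSLContext.getInstance("TLSv1.2", "BCJSSE");
        ctx.init(null, null, null); // default key managers, trust managers, RNG
        return ctx;
    }

    // Option B: place BCJSSE before SunJSSE so the single-arg getInstance finds it first.
    // This changes TLS provider selection for every SSLContext created in this JVM.
    static SSLContext insertFirst() throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        Security.insertProviderAt(new BouncyCastleJsseProvider(), 1);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        boolean first = args.length > 0 && args[0].equals("first");
        SSLContext ctx = first ? insertFirst() : appendAndSelectByName();

        // Confirm which provider actually backs the context and what it can negotiate.
        System.out.println("SSLContext provider: " + ctx.getProvider().getName());
        System.out.println("Supported protocols: "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));

        // List every installed provider that offers an RSASSA-PSS Signature service.
        for (Provider p : Security.getProviders()) {
            if (p.getService("Signature", "RSASSA-PSS") != null) {
                System.out.println("RSASSA-PSS Signature offered by: " + p.getName());
            }
        }
    }
}
```

Printing `ctx.getProvider()` is the quick check that the context did not silently fall back to SunJSSE when the provider order was not what you expected.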

0 Answers