Regarding PSK and SRP support for Tomcat 9.0.37 server

Rahul Shukla
Hi All,
I am using Tomcat server with version 9.0.37 and JSSE is configured for TLS.
*Use Case:* A TLS client that uses OpenSSL 1.1.1d internally is trying to
connect to this Tomcat server using PSK and SRP based ciphers (e.g.
_RSA-PSK-AES256-GCM-SHA384). Here we are observing a fatal error on the
client side.
*Question:* Are PSK and SRP based ciphers supported by the Tomcat server
configured with JSSE? I found one old article saying that it is not
supported by JSSE
(http://tomcat.10.x6.nabble.com/How-to-set-up-TLS-PSK-with-Tomcat-td5022729.html).
Not sure if it is supported in the latest versions. If it is supported, how
can I configure it? Any reference will be really appreciated. Any idea if
PSK and SRP based ciphers are only supported for any specific TLS protocol
version?

Thanks, Rahul.

Re: Regarding PSK and SRP support for Tomcat 9.0.37 server

Christopher Schultz-2
Rahul,

On 1/26/21 22:49, Rahul Shukla wrote:

> Hi All,
> I am using Tomcat server with version 9.0.37 and JSSE is configured for TLS.
> *Use Case:* A TLS client that uses OpenSSL 1.1.1d internally is trying to
> connect to this Tomcat server using PSK and SRP based ciphers (e.g.
> _RSA-PSK-AES256-GCM-SHA384). Here we are observing a fatal error on the
> client side.
> *Question:* Are PSK and SRP based ciphers supported by the Tomcat server
> configured with JSSE? I found one old article saying that it is not
> supported by JSSE
> (http://tomcat.10.x6.nabble.com/How-to-set-up-TLS-PSK-with-Tomcat-td5022729.html).
> Not sure if it is supported in the latest versions. If it is supported, how
> can I configure it? Any reference will be really appreciated. Any idea if
> PSK and SRP based ciphers are only supported for any specific TLS protocol
> version?

I don't believe PSK is supported until TLSv1.3 in Oracle's JSSE. You may
be able to use BouncyCastle, which appears to support it at least for
clients.

Tomcat has no configuration for this kind of thing because (a) it's not
terribly secure and (b) nobody really wants it and (c) we don't have an
example of a JSSE provider which supports it.

If you are able to get a simple SSLSocketFactory configured to connect
to a server with a PSK-based cipher suite in use and can provide the
code to do that, I'm sure we can find a way to integrate that into Tomcat.

But I don't think anyone around here is going to scratch that particular
itch because it doesn't seem worth it.

-chris
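
Added example, not part of the original thread and not Tomcat or JSSE project code: a Java check that reports, for every JSSE provider installed in the running JVM, whether any supported cipher suite is PSK- or SRP-based, which is the precondition the reply above describes. The class and method names are illustrative assumptions.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;

public class PskSrpSuiteCheck {

    // JSSE reports IANA suite names. PSK suites contain "_PSK_" (the OpenSSL name
    // RSA-PSK-AES256-GCM-SHA384 is TLS_RSA_PSK_WITH_AES_256_GCM_SHA384) and SRP
    // suites start with "TLS_SRP_". TLS 1.3 suite names do not encode the key
    // exchange, so this name-based test is only meaningful for TLS 1.2 and earlier.
    static boolean isPskOrSrp(String suite) {
        return suite.contains("_PSK_") || suite.startsWith("TLS_SRP_");
    }

    // Returns the PSK/SRP suites the given context can negotiate at all
    // (supported, not merely enabled by default).
    static List<String> pskOrSrpSuites(SSLContext ctx) {
        List<String> hits = new ArrayList<>();
        for (String suite : ctx.getSupportedSSLParameters().getCipherSuites()) {
            if (isPskOrSrp(suite)) {
                hits.add(suite);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        String[] protocols = {"TLSv1.2", "TLSv1.3"};
        for (Provider p : Security.getProviders()) {
            for (String proto : protocols) {
                // Skip providers that do not implement an SSLContext for this protocol.
                if (p.getService("SSLContext", proto) == null) {
                    continue;
                }
                SSLContext ctx = SSLContext.getInstance(proto, p);
                ctx.init(null, null, null); // default key/trust managers and RNG
                List<String> hits = pskOrSrpSuites(ctx);
                System.out.printf("%s / %s: %d supported suites, PSK/SRP by name: %s%n",
                        p.getName(), proto,
                        ctx.getSupportedSSLParameters().getCipherSuites().length,
                        hits.isEmpty() ? "none" : hits.toString());
            }
        }
    }
}
```

Run it with the same JVM and `java.security` provider configuration that Tomcat uses; a provider that lists no such suites cannot complete a handshake with a client that offers only PSK or SRP suites.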
