[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-ssl] Question on CipherSuite TLS_RSA_WITH .....



Hello,

when using an IAIK-JCE version lower than 2.6 you will have to register the
alternative DSA algorithm ID, e.g.:

iaik.asn1.structures.AlgorithmID algID = new
iaik.asn1.structures.AlgorithmID("1.2.840.10040.4.1","DSA","DSA");


With IAIK-JCE 2.6 this algorithm ID already is registered.

Regards,
Dieter Bratko
-----Ursprüngliche Nachricht-----
Von: iaik-ssl-owner@iaik.tu-graz.ac.at
[mailto:iaik-ssl-owner@iaik.tu-graz.ac.at]Im Auftrag von Roger Perng
Gesendet: Donnerstag, 21. September 2000 19:21
An: 'iaik-ssl@iaik.at'
Betreff: [iaik-ssl] Question on CipherSuite TLS_RSA_WITH .....


Hi:

I used openssl generated DSA certs, when testing these
certs using the SSLClient/SSLServer demo program in
iaik_iSaSiLk/demo I got the error:

add Provider IAIK Security Provider v2.49...
***Exception : java.io.IOException: Unable to decode
certificate: java.security.cert.CertificateException:
PublicKey algorithm not implemented: 1.2.840.10040.4.1
Unable to set DSA server certificate.
DSA cipher-suites can not be used.
Unable to set DSA CA-Cert as trusted root.
enabled cipher suites:
  SSL_RSA_WITH_RC4_MD5
  SSL_RSA_WITH_RC4_SHA
  SSL_RSA_WITH_IDEA_CBC_SHA
  ...
  ...

1.2.840.10040.4.1 is the OID of "DSA", I think.  When
using the same set of certs on another set of
SSLClient/SSLServer test program (not from IAIK) I see
they're working, and the Cipher suite been used is:

TLS_RSA_WITH_3DES_EDE_CBC_SHA

and I don't see any TLS_* CipherSuite defined inside my IAIK.
What am I missing ?! ... Thanks in advance !


RP
--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-ssl




smime.p7s