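DHPublicKey does not comply to algorithm constraints
I have a Java web application (Ignite Realtime XMPP server) that uses LDAP to authenticate and authorize users.
Recently, the LDAP server upgraded its cipher suites to more secure ciphers. I could not get my application to communicate with this LDAP server until I lowered the minimum allowed keySize in the /jre/lib/security/java.security file.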
#jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024
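I added JCE 8 to the JRE used by the application to update the ciphers, and the new ciphers appeared (I used this program to compare before and after).
I was able to enable the ciphers in the webapp's admin console, specifically: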
> * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
I used this program to see which cipher the LDAP server uses:
The results are as follows:
Testing server - upgraded endpoint
Given this client's capabilities ([SSLv3, TLSv1, TLSv1.1, TLSv1.2]), the server prefers protocol=TLSv1.2, cipher=TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Testing server - non-upgraded endpoint
Given this client's capabilities ([SSLv3, TLSv1, TLSv1.1, TLSv1.2]), the server prefers protocol=TLSv1.2, cipher=TLS_RSA_WITH_AES_128_CBC_SHA
The application could talk to the old LDAP (the non-upgraded endpoint in the cluster) with the following java.security setting:
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 2048
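Once the endpoint was upgraded (it was placed behind an F5 load balancer), I could not get the application to connect until I lowered the minimum keySize. The LDAP certificate chain (for the new and old endpoints) did not change.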
openssl s_client -connect newLDAP:636
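shows a 2048-bit public key, as it does for oldLDAP; the only difference is the stronger cipher, and perhaps TLS version 1 versus 1.2, depending on the version of OpenSSL on the machine I run s_client from.
The application's XMPP web app (:5223) and admin console (:9091) also use SSL, and each of these also has a 2048-bit public key.
The error in the application's log file is: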
"DHPublicKey does not comply to algorithm constraints"
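I believe the constraint mentioned above refers to the jdk.tls.disabledAlgorithms property in the java.security file.
I am confused as to why apparently more secure ciphers now require a smaller minimum keySize for the connection between the application and LDAP to work.
I must be missing something or doing something wrong.
Below are some stack traces from the application's log: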
2017.07.25 18:54:32 WARN [Jetty-QTP-AdminConsole-98]: org.jivesoftware.admin.LoginLimitManager - Failed admin console login attempt by <myuserid> from <myIP>
2017.07.25 18:54:33 INFO [Server SR - 881162561]: org.jivesoftware.openfire.net.SocketReadingMode - STARTTLS negotiation (with: [email protected] socket: Socket[addr=/78.46.93.108,port=57984,localport=5269] session: [email protected]3cab status: 1 address: <xyz>.com/5c3gn5yu6p id: 5c3gn5yu6p) failed.
javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:241)
at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:178)
at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:195)
at org.jivesoftware.openfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.java:87)
at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:138)
at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java:76)
at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:145)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints
at sun.security.ssl.DHCrypt.checkConstraints(DHCrypt.java:237)
at sun.security.ssl.ServerHandshaker.clientKeyExchange(ServerHandshaker.java:1599)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:269)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:344)
at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:254)
... 7 more
2017.07.25 18:54:36 INFO [Server SR - 1692736043]: org.jivesoftware.openfire.net.SocketReadingMode - STARTTLS negotiation (with: [email protected] socket: Socket[addr=/136.243.42.223,port=47704,localport=5269] session: org.jivesoftware.openfire.sessi[email protected] status: 1 address: <xyz>.com/5rljrbkums id: 5rljrbkums) failed.
javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:241)
at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:178)
at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:195)
at org.jivesoftware.openfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.java:87)
at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:138)
at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java:76)
at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:145)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints
at sun.security.ssl.DHCrypt.checkConstraints(DHCrypt.java:237)
at sun.security.ssl.ServerHandshaker.clientKeyExchange(ServerHandshaker.java:1599)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:269)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:344)
at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:254)
... 7 more
2017.07.25 19:03:00 ERROR [Jetty-QTP-AdminConsole-56]: org.jivesoftware.openfire.ldap.LdapAuthProvider - Error connecting to LDAP server
javax.naming.CommunicationException: <myLDAP>:636 [Root exception is javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:226)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64)
at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:115)
at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:132)
at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:329)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1606)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at org.jivesoftware.util.JiveInitialLdapContext.<init>(JiveInitialLdapContext.java:43)
at org.jivesoftware.openfire.ldap.LdapManager.getContext(LdapManager.java:568)
at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:975)
at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:928)
at org.jivesoftware.openfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.java:126)
at org.jivesoftware.openfire.auth.AuthFactory.authenticate(AuthFactory.java:217)
at org.jivesoftware.openfire.admin.login_jsp._jspService(login_jsp.java:175)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:39)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:76)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:53)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:80)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:162)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:499)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints
at sun.security.ssl.DHCrypt.checkConstraints(DHCrypt.java:237)
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:712)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:268)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:376)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
... 56 more
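Thanks for any insight, SM
More background:
I scanned another server (e.g. a web server) that sits behind the same F5 that the new LDAP server is also behind, but that ssllabs can reach ... and saw that the key exchange rating was orange, e.g. it supports 1024-bit DH keys ... so the web server was downgraded to a B grade. This may be why I needed to lower the java.security setting to connect to the new LDAP server.
I did the same ssllabs scan on a reachable web server (behind the non-upgraded F5), which the old LDAP is most likely also behind; the key exchange was green, but weaker supported ciphers and insecure protocol support resulted in an F grade.
I think this may explain things, assuming the same cipher suites are used across VIPs on the individual F5s.
Thanks to James K. Polk (in the comments) for suggesting a plausible explanation and for the SSL analysis tool suggestion.
To follow up on my own question, I'm pretty sure I confirmed that it is an ephemeral key exchange issue with the new LDAP system, as originally suggested by James K Polk! His suggestion of SSLyze was also very helpful.
I ran the following commands against the new and old LDAP systems. I believe the new system only supports 1024-bit key exchange, while the old system may not even perform a key exchange, which may be why the stronger DH keySize setting in the JRE's java.security file worked (e.g. it was not being used).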
python -m sslyze --tlsv1_2 --starttls=auto myLDAP:636
AVAILABLE PLUGINS
-----------------
OpenSslCipherSuitesPlugin
HeartbleedPlugin
OpenSslCcsInjectionPlugin
CertificateInfoPlugin
SessionResumptionPlugin
CompressionPlugin
SessionRenegotiationPlugin
FallbackScsvPlugin
HttpHeadersPlugin
CHECKING HOST(S) AVAILABILITY
-----------------------------
myLDAP:636 => 0.1.2.3
SCAN RESULTS FOR myLDAP:636 - 0.1.2.3
-------------------------------------------------
* TLSV1_2 Cipher Suites:
Preferred:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH-1024 bits 256 bits
Accepted:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-384 bits 256 bits
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH-384 bits 256 bits
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-384 bits 256 bits
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH-1024 bits 256 bits
TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH-1024 bits 256 bits
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH-1024 bits 256 bits
TLS_RSA_WITH_AES_256_GCM_SHA384 - 256 bits
TLS_RSA_WITH_AES_256_CBC_SHA - 256 bits
TLS_RSA_WITH_AES_256_CBC_SHA256 - 256 bits
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH-384 bits 128 bits
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH-384 bits 128 bits
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH-384 bits 128 bits
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH-1024 bits 128 bits
TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH-1024 bits 128 bits
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DH-1024 bits 128 bits
TLS_RSA_WITH_AES_128_CBC_SHA256 - 128 bits
TLS_RSA_WITH_AES_128_GCM_SHA256 - 128 bits
TLS_RSA_WITH_AES_128_CBC_SHA - 128 bits
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH-384 bits 112 bits
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH-1024 bits 112 bits
TLS_RSA_WITH_3DES_EDE_CBC_SHA - 112 bits
Rejected:
<snipped>
SCAN COMPLETED IN 0.16 S
------------------------
python -m sslyze --tlsv1_2 --starttls=auto oldLDAP:636
AVAILABLE PLUGINS
-----------------
CompressionPlugin
OpenSslCipherSuitesPlugin
CertificateInfoPlugin
FallbackScsvPlugin
OpenSslCcsInjectionPlugin
SessionResumptionPlugin
SessionRenegotiationPlugin
HttpHeadersPlugin
HeartbleedPlugin
CHECKING HOST(S) AVAILABILITY
-----------------------------
oldLDAP:636 => 4.5.6.7
SCAN RESULTS FOR oldLDAP:636 - 4.5.6.7
-------------------------------------------------------------
* TLSV1_2 Cipher Suites:
Preferred:
TLS_RSA_WITH_RC4_128_SHA - 128 bits
Accepted:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits
TLS_RSA_WITH_AES_256_CBC_SHA - 256 bits
TLS_RSA_WITH_AES_256_CBC_SHA256 - 256 bits
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH-256 bits 128 bits
TLS_RSA_WITH_AES_128_CBC_SHA256 - 128 bits
TLS_RSA_WITH_AES_128_CBC_SHA - 128 bits
TLS_RSA_WITH_RC4_128_SHA - 128 bits
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH-256 bits 112 bits
TLS_RSA_WITH_3DES_EDE_CBC_SHA - 112 bits
Rejected:
<snipped>
SCAN COMPLETED IN 0.34 S
------------------------
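The check behind the error, as an added example rather than code from the original post or the JDK: a simplified Python model that reads sslyze output in the format quoted above and reports which suites a given jdk.tls.disabledAlgorithms line would reject. The sample input is constructed from lines in the two scans, and the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the two scans quoted on this page.
SAMPLE = """\
Preferred:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH-1024 bits 256 bits
Accepted:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-384 bits 256 bits
TLS_RSA_WITH_RC4_128_SHA - 128 bits
"""
STRICT = "jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 2048"
LOOSE = "jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024"
SUITE_RE = re.compile(r"^\s*(TLS_\S+)\s+(?:(DH|ECDH)-(\d+) bits|-)\s+\d+ bits\s*$")
ENTRY_RE = re.compile(r"^\s*(\S+)(?:\s+keySize\s*(<=|>=|==|!=|<|>)\s*(\d+))?\s*$")
OPS = {"<": int.__lt__, "<=": int.__le__, "==": int.__eq__, "!=": int.__ne__, ">=": int.__ge__, ">": int.__gt__}

def parse_disabled(prop):
    """Parse one java.security property line into (name, operator, size) entries."""
    found = (ENTRY_RE.match(item) for item in prop.partition("=")[2].split(","))
    return [(m[1], m[2], int(m[3]) if m[3] else None) for m in found if m]

def parse_sslyze(text):
    """Yield (section, suite, kx_alg, kx_bits) for Preferred/Accepted suites."""
    section = None
    for line in text.splitlines():
        head = line.strip().rstrip(":")
        section = head if head in ("Preferred", "Accepted", "Rejected") else section
        m = SUITE_RE.match(line)
        if m and section in ("Preferred", "Accepted"):
            yield section, m[1], m[2], int(m[3]) if m[3] else None

def blocked_by(suite, kx_alg, kx_bits, entries):
    """Simplified model of the JDK check (an assumption): first matching entry or None."""
    for name, op, size in entries:
        if op is None and name in suite.split("_"):
            return name  # bare algorithm name (e.g. RC4) is a component of the suite
        if op and name == kx_alg and kx_bits is not None and OPS[op](kx_bits, size):
            return f"{name} keySize {op} {size}"  # ephemeral key violates the size rule
    return None

def audit(text, prop):
    entries = parse_disabled(prop)
    return [(sec, s, blocked_by(s, alg, bits, entries)) for sec, s, alg, bits in parse_sslyze(text)]

if __name__ == "__main__":
    for prop in (STRICT, LOOSE):
        print(prop)
        for sec, suite, why in audit(SAMPLE, prop):
            print(f"  {sec:9} {suite:40} {why or 'allowed'}")
```

The suite flagged under Preferred is the one that matters here: the stack trace shows the rejection in ClientHandshaker.serverKeyExchange, after the server has already selected its preferred DHE suite.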
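I'm not sure what you're asking. The server is evidently using a 1024-bit DH group where before it was using 2048 bits. Complain to the server admin.
How can I verify that the server (I assume you mean LDAP) is using a 1024-bit group? I mentioned connecting to the LDAP server with openssl s_client and the Java SSLTest program. Openssl shows the public key is 2048 bits, and the SSLTest program shows the TLS version and cipher.
With DHE cipher suites there are two "public keys": typically a long-term RSA authentication public key and a DH public key that changes on every connection. I always use the server test tool on ssllabs.com to get a good profile of a server's SSL capabilities.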