【Question title】: DHPublicKey does not comply to algorithm constraints
【Posted】: 2018-01-02 07:38:21
【Question】:

I have a Java webapp (an Openfire real-time XMPP server) that uses LDAP to authenticate and authorize users.

Recently the LDAP server upgraded its cipher suites to more secure ciphers. I could not get my application to talk to this LDAP server until I lowered the minimum allowed keySize in the /jre/lib/security/java.security file, e.g.

    #jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 2048
    jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024

I added JCE 8 to the JRE used by the application to update the ciphers, and the new ciphers showed up (I used this program and compared before and after).

I enabled the ciphers in the webapp's admin console, specifically:

  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

I used this program to see which ciphers the LDAP server uses:

The results are as follows:

    Testing server - upgraded endpoint
    Given this client's capabilities ([SSLv3, TLSv1, TLSv1.1, TLSv1.2]), the server prefers protocol=TLSv1.2, cipher=TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

    Testing server - non-upgraded endpoint
    Given this client's capabilities ([SSLv3, TLSv1, TLSv1.1, TLSv1.2]), the server prefers protocol=TLSv1.2, cipher=TLS_RSA_WITH_AES_128_CBC_SHA

The app can talk to the old LDAP (and to the non-upgraded endpoints in the cluster) with the following java.security setting:

    jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 2048

When the endpoint was upgraded (it was put behind an F5 load balancer), I could not get the app to connect until I lowered the minimum keySize. The LDAP certificate chain (new endpoint vs. old endpoint) has not changed.

    openssl s_client -connect newLDAP:636

shows a 2048-bit public key, the same as oldLDAP; the only differences are the stronger ciphers, and possibly the TLS version (1 vs. 1.2) depending on the openssl version on the machine I run openssl s_client from.

The application's XMPP web app on :5223 and admin console on :9091 also use SSL, and each has a 2048-bit public key.

The error in the application log file is:

"DHPublicKey does not comply to algorithm constraints"

I believe the constraints mentioned above refer to the jdk.tls.disabledAlgorithms property in the java.security file.

I'm confused as to why apparently more secure ciphers now require a smaller minimum key size for the app-to-LDAP connection to work.

I must be missing something or doing something wrong.

Here are some stack traces from the application log:

    2017.07.25 18:54:32 WARN  [Jetty-QTP-AdminConsole-98]: org.jivesoftware.admin.LoginLimitManager - Failed admin console login attempt by <myuserid> from <myIP>
    2017.07.25 18:54:33 INFO  [Server SR - 881162561]: org.jivesoftware.openfire.net.SocketReadingMode - STARTTLS negotiation (with: org.jivesoftware.openfire.net.SocketConnection@1248cf94 socket: Socket[addr=/78.46.93.108,port=57984,localport=5269] session: org.jivesoftware.openfire.session.LocalIncomingServerSession@2843cab status: 1 address: <xyz>.com/5c3gn5yu6p id: 5c3gn5yu6p) failed.
    javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints
            at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)
            at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
            at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
            at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
            at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
            at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:241)
            at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:178)
            at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:195)
            at org.jivesoftware.openfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.java:87)
            at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:138)
            at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java:76)
            at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:145)
            at java.lang.Thread.run(Thread.java:745)
    Caused by: javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints
            at sun.security.ssl.DHCrypt.checkConstraints(DHCrypt.java:237)
            at sun.security.ssl.ServerHandshaker.clientKeyExchange(ServerHandshaker.java:1599)
            at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:269)
            at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
            at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
            at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
            at java.security.AccessController.doPrivileged(Native Method)
            at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
            at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:344)
            at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:254)
            ... 7 more

    2017.07.25 18:54:36 INFO  [Server SR - 1692736043]: org.jivesoftware.openfire.net.SocketReadingMode - STARTTLS negotiation (with: org.jivesoftware.openfire.net.SocketConnection@7b80ac6e socket: Socket[addr=/136.243.42.223,port=47704,localport=5269] session: org.jivesoftware.openfire.session.LocalIncomingServerSession@330ab9e3 status: 1 address: <xyz>.com/5rljrbkums id: 5rljrbkums) failed.
    javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints
            at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)
            at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
            at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
            at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
            at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
            at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:241)
            at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:178)
            at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:195)
            at org.jivesoftware.openfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.java:87)
            at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:138)
            at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java:76)
            at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:145)
            at java.lang.Thread.run(Thread.java:745)
    Caused by: javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints
            at sun.security.ssl.DHCrypt.checkConstraints(DHCrypt.java:237)
            at sun.security.ssl.ServerHandshaker.clientKeyExchange(ServerHandshaker.java:1599)
            at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:269)
            at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
            at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
            at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
            at java.security.AccessController.doPrivileged(Native Method)
            at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
            at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:344)
            at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:254)
            ... 7 more

    2017.07.25 19:03:00 ERROR [Jetty-QTP-AdminConsole-56]: org.jivesoftware.openfire.ldap.LdapAuthProvider - Error connecting to LDAP server
    javax.naming.CommunicationException: <myLDAP>:636 [Root exception is javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints]
            at com.sun.jndi.ldap.Connection.<init>(Connection.java:226)
            at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
            at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64)
            at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:115)
            at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:132)
            at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:329)
            at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1606)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
            at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
            at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
            at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
            at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
            at javax.naming.InitialContext.init(InitialContext.java:244)
            at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
            at org.jivesoftware.util.JiveInitialLdapContext.<init>(JiveInitialLdapContext.java:43)
            at org.jivesoftware.openfire.ldap.LdapManager.getContext(LdapManager.java:568)
            at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:975)
            at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:928)
            at org.jivesoftware.openfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.java:126)
            at org.jivesoftware.openfire.auth.AuthFactory.authenticate(AuthFactory.java:217)
            at org.jivesoftware.openfire.admin.login_jsp._jspService(login_jsp.java:175)
            at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
            at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
            at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
            at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:39)
            at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
            at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:76)
            at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
            at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:53)
            at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
            at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:80)
            at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
            at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:162)
            at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
            at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
            at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
            at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
            at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
            at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
            at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
            at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
            at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
            at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
            at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
            at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
            at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
            at org.eclipse.jetty.server.Server.handle(Server.java:499)
            at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
            at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
            at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
            at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
            at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
            at java.lang.Thread.run(Thread.java:745)
    Caused by: javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints
            at sun.security.ssl.DHCrypt.checkConstraints(DHCrypt.java:237)
            at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:712)
            at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:268)
            at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
            at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
            at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
            at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
            at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
            at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
            at com.sun.jndi.ldap.Connection.createSocket(Connection.java:376)
            at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
            ... 56 more

Thanks for any insight, sm

【Comments】:

  • I'm not sure what your question is. The server is clearly using a 1024-bit DH group, whereas before it was using 2048. Complain to the server admin.
  • How do you verify that the server (I assume you mean the LDAP one) is using a 1024-bit group? I mentioned using openssl s_client and the Java SSLTest program to connect to the LDAP server. Openssl shows the public key is 2048 bits, and the SSLTest program shows the TLS version and cipher.
  • "The public key ..." With DHE cipher suites there are two public keys: a long-term authentication public key, typically RSA, and a DH public key that changes with every connection. I always use the server tester at ssllabs.com to get a good profile of a server's SSL capabilities.
  • Thanks for the lead. Unfortunately I can't use ssllabs.com, since the LDAP server isn't reachable from outside our network, and both the XMPP and LDAP servers run SSL on ports other than 443. I mentioned that the LDAP server sits behind a new F5 (VIPRION) load balancer; I wonder whether the ephemeral key is causing a problem similar to this one... devcentral.f5.com/questions/… Any idea how to test that?
  • I tried the openssl command mentioned here: security.stackexchange.com/questions/89773/… (openssl s_client -connect myLDAP:636 -cipher "EDH" | grep -i "Server Temp Key"), but didn't see the ephemeral key information. I also tried a grep -i "key" variant, but only saw the 2048 public key.

Tags: encryption tls1.2


【Answer 1】:

To follow up on my own question: I'm fairly sure I confirmed that this is the ephemeral key exchange issue on the new LDAP system that James K Polk originally suggested! His suggestion of SSLyze was also very helpful.

I ran the following command against the new and the old LDAP systems. I believe the new system only supports key exchange up to 1024 bits, while the old system may not even do a (DH) key exchange, which is probably why the stronger DH keySize setting in the JRE's java.security file worked (i.e. it wasn't being used).

    python -m sslyze --tlsv1_2 --starttls=auto myLDAP:636

 AVAILABLE PLUGINS
 -----------------

  OpenSslCipherSuitesPlugin
  HeartbleedPlugin
  OpenSslCcsInjectionPlugin
  CertificateInfoPlugin
  SessionResumptionPlugin
  CompressionPlugin
  SessionRenegotiationPlugin
  FallbackScsvPlugin
  HttpHeadersPlugin

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   myLDAP:636                       => 0.1.2.3

 SCAN RESULTS FOR myLDAP:636 - 0.1.2.3
 -------------------------------------------------

 * TLSV1_2 Cipher Suites:
     Preferred:
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384               DH-1024 bits   256 bits
     Accepted:
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384             ECDH-384 bits  256 bits
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384             ECDH-384 bits  256 bits
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                ECDH-384 bits  256 bits
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256               DH-1024 bits   256 bits
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  DH-1024 bits   256 bits
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384               DH-1024 bits   256 bits
    TLS_RSA_WITH_AES_256_GCM_SHA384                   -              256 bits
    TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits
    TLS_RSA_WITH_AES_256_CBC_SHA256                   -              256 bits
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256             ECDH-384 bits  128 bits
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             ECDH-384 bits  128 bits
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                ECDH-384 bits  128 bits
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256               DH-1024 bits   128 bits
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA                  DH-1024 bits   128 bits
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256               DH-1024 bits   128 bits
    TLS_RSA_WITH_AES_128_CBC_SHA256                   -              128 bits
    TLS_RSA_WITH_AES_128_GCM_SHA256                   -              128 bits
    TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 bits
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA               ECDH-384 bits  112 bits
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                 DH-1024 bits   112 bits
    TLS_RSA_WITH_3DES_EDE_CBC_SHA                     -              112 bits
     Rejected:
    <snipped>

 SCAN COMPLETED IN 0.16 S
 ------------------------

    python -m sslyze --tlsv1_2 --starttls=auto oldLDAP:636

 AVAILABLE PLUGINS
 -----------------

  CompressionPlugin
  OpenSslCipherSuitesPlugin
  CertificateInfoPlugin
  FallbackScsvPlugin
  OpenSslCcsInjectionPlugin
  SessionResumptionPlugin
  SessionRenegotiationPlugin
  HttpHeadersPlugin
  HeartbleedPlugin

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   oldLDAP:636                       => 4.5.6.7

 SCAN RESULTS FOR oldLDAP:636 - 4.5.6.7
 -------------------------------------------------------------

 * TLSV1_2 Cipher Suites:
     Preferred:
    TLS_RSA_WITH_RC4_128_SHA                          -              128 bits
     Accepted:
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                ECDH-256 bits  256 bits
    TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits
    TLS_RSA_WITH_AES_256_CBC_SHA256                   -              256 bits
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                ECDH-256 bits  128 bits
    TLS_RSA_WITH_AES_128_CBC_SHA256                   -              128 bits
    TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 bits
    TLS_RSA_WITH_RC4_128_SHA                          -              128 bits
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA               ECDH-256 bits  112 bits
    TLS_RSA_WITH_3DES_EDE_CBC_SHA                     -              112 bits
     Rejected:
    <snipped>

 SCAN COMPLETED IN 0.34 S
 ------------------------

【Comments】:

  • Could you edit your question to provide more information? Answers are for answers.
  • @transilvlad, this looks like an answer. The other post, on the other hand, should be an edit to the question.