Hello everyone,

I am exploring using akka-streams as a TCP client.  Unfortunately my use 
case requires the usage of pre-shared keys as the cipher suite 
(specifically TLS_PSK_WITH_AES_128_CBC_SHA) instead of using certificates.

Looking through the source code and test cases 
<https://github.com/akka/akka/blob/releasing-akka-stream-and-http-experimental-2.0-M1/akka-stream-tests/src/test/scala/akka/stream/io/TlsSpec.scala>,
 
it appears you guys based your SslTls bidi flows off of JSSE.  I am running 
on jdk 8, and it doesn't look like it supports PSK ciphers:
  
val context = SSLContext.getInstance("TLS")
    context.init(null, null, null)
context.getDefaultSSLParameters.getCipherSuites.toList.foreach(println)

[info] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[info] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[info] TLS_RSA_WITH_AES_128_CBC_SHA256
[info] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
[info] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
[info] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[info] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
[info] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[info] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
[info] TLS_RSA_WITH_AES_128_CBC_SHA
[info] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
[info] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
[info] TLS_DHE_RSA_WITH_AES_128_CBC_SHA
[info] TLS_DHE_DSS_WITH_AES_128_CBC_SHA
[info] TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
[info] TLS_ECDHE_RSA_WITH_RC4_128_SHA
[info] SSL_RSA_WITH_RC4_128_SHA
[info] TLS_ECDH_ECDSA_WITH_RC4_128_SHA
[info] TLS_ECDH_RSA_WITH_RC4_128_SHA
[info] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[info] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[info] TLS_RSA_WITH_AES_128_GCM_SHA256
[info] TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
[info] TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
[info] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[info] TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
[info] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
[info] TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
[info] SSL_RSA_WITH_3DES_EDE_CBC_SHA
[info] TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
[info] TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
[info] SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
[info] SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
[info] SSL_RSA_WITH_RC4_128_MD5
[info] TLS_EMPTY_RENEGOTIATION_INFO_SCSV


val cipherSuites = 
NegotiateNewSession.withCipherSuites("TLS_PSK_WITH_AES_128_CBC_SHA")
    val clientTls = SslTls(context, cipherSuites, Client)

// eventually produces the following error:

Caused by: java.lang.IllegalArgumentException: Unsupported ciphersuite 
TLS_PSK_WITH_AES_128_CBC_SHA
[info] at sun.security.ssl.CipherSuite.valueOf(CipherSuite.java:237)
[info] at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:82)
[info] at 
sun.security.ssl.SSLEngineImpl.setEnabledCipherSuites(SSLEngineImpl.java:2018)
[info] at 
akka.stream.impl.io.SslTlsCipherActor$$anonfun$applySessionParameters$1.apply(SslTlsCipherActor.scala:156)


It doesn't seem like I'd be able to integrate bouncycastle as it is a JCE 
provider instead of JSSE.


I'm relatively new to akka-streams and JSSE, so if I'm mistaken with 
anything here please let me know!

Do you guys know how I'd go about implementing this use case using 
akka-streams?

Any help is appreciated - thanks!
-Chris

-- 
>>>>>>>>>>      Read the docs: http://akka.io/docs/
>>>>>>>>>>      Check the FAQ: 
>>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>>      Search the archives: https://groups.google.com/group/akka-user
--- 
You received this message because you are subscribed to the Google Groups "Akka 
User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to akka-user+unsubscr...@googlegroups.com.
To post to this group, send email to akka-user@googlegroups.com.
Visit this group at http://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.

Reply via email to