Hello everyone, I am exploring using akka-streams as a TCP client. Unfortunately my use case requires the usage of pre-shared keys as the cipher suite (specifically TLS_PSK_WITH_AES_128_CBC_SHA) instead of using certificates.
Looking through the source code and test cases <https://github.com/akka/akka/blob/releasing-akka-stream-and-http-experimental-2.0-M1/akka-stream-tests/src/test/scala/akka/stream/io/TlsSpec.scala>, it appears you guys based your SslTls bidi flows off of JSSE. I am running on jdk 8, and it doesn't look like it supports PSK ciphers: val context = SSLContext.getInstance("TLS") context.init(null, null, null) context.getDefaultSSLParameters.getCipherSuites.toList.foreach(println) [info] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 [info] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 [info] TLS_RSA_WITH_AES_128_CBC_SHA256 [info] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 [info] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 [info] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 [info] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 [info] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [info] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA [info] TLS_RSA_WITH_AES_128_CBC_SHA [info] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA [info] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA [info] TLS_DHE_RSA_WITH_AES_128_CBC_SHA [info] TLS_DHE_DSS_WITH_AES_128_CBC_SHA [info] TLS_ECDHE_ECDSA_WITH_RC4_128_SHA [info] TLS_ECDHE_RSA_WITH_RC4_128_SHA [info] SSL_RSA_WITH_RC4_128_SHA [info] TLS_ECDH_ECDSA_WITH_RC4_128_SHA [info] TLS_ECDH_RSA_WITH_RC4_128_SHA [info] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [info] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [info] TLS_RSA_WITH_AES_128_GCM_SHA256 [info] TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 [info] TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 [info] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 [info] TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 [info] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA [info] TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA [info] SSL_RSA_WITH_3DES_EDE_CBC_SHA [info] TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA [info] TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA [info] SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA [info] SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA [info] SSL_RSA_WITH_RC4_128_MD5 [info] TLS_EMPTY_RENEGOTIATION_INFO_SCSV val cipherSuites = NegotiateNewSession.withCipherSuites("TLS_PSK_WITH_AES_128_CBC_SHA") val clientTls = SslTls(context, cipherSuites, Client) // eventually produces the following error: Caused by: java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_PSK_WITH_AES_128_CBC_SHA [info] at sun.security.ssl.CipherSuite.valueOf(CipherSuite.java:237) [info] at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:82) [info] at sun.security.ssl.SSLEngineImpl.setEnabledCipherSuites(SSLEngineImpl.java:2018) [info] at akka.stream.impl.io.SslTlsCipherActor$$anonfun$applySessionParameters$1.apply(SslTlsCipherActor.scala:156) It doesn't seem like I'd be able to integrate bouncycastle as it is a JCE provider instead of JSSE. I'm relatively new to akka-streams and JSSE, so if I'm mistaken with anything here please let me know! Do you guys know how I'd go about implementing this use case using akka-streams? Any help is appreciated - thanks! -Chris -- >>>>>>>>>> Read the docs: http://akka.io/docs/ >>>>>>>>>> Check the FAQ: >>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user --- You received this message because you are subscribed to the Google Groups "Akka User List" group. To unsubscribe from this group and stop receiving emails from it, send an email to akka-user+unsubscr...@googlegroups.com. To post to this group, send email to akka-user@googlegroups.com. Visit this group at http://groups.google.com/group/akka-user. For more options, visit https://groups.google.com/d/optout.
