-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Peter,
On 1/10/20 2:07 PM, logo wrote: > Chris and Mark, > > >> Am 09.01.2020 um 21:49 schrieb Christopher Schultz >> <ch...@christopherschultz.net>: >> > All, > > On 1/9/20 3:45 PM, Christopher Schultz wrote: >>>> Mark and Peter, >>>> >>>> On 1/9/20 3:36 PM, Mark Thomas wrote: >>>>> On 09/01/2020 20:22, logo wrote: >>>>>> Mark, >>>>>> >>>>>>> Am 09.01.2020 um 20:36 schrieb Mark Thomas >>>>>>> <ma...@apache.org>: >>>>>>> >>>>>>> On 02/01/2020 09:24, logo wrote: >>>>>>> >>>>>>> <snip/> >>>>>>> >>>>>>>> The connector comes up correctly, is accessible >>>>>>>> through the browser but if I test the ssl setup, I >>>>>>>> get an error message that the key/cert may not be >>>>>>>> used for "Key agreement" >>>>>>>> >>>>>>>> See: testssl.sh <tomcat>:8443 >>>>>>>> >>>>>>>> Signature Algorithm ECDSA with SHA256 Server >>>>>>>> key size EC 256 bits Server key usage >>>>>>>> Digital Signature, Key Encipherment Certificate >>>>>>>> incorrectly used for key agreement Server extended >>>>>>>> key usage TLS Web Server Authentication, TLS Web >>>>>>>> Client Authentication >>>>>> >>>>>> The key usage error is caused by identifying ECDH_RSA >>>>>> ciphers on the connector… (most certainly an unexpected >>>>>> edge case, I’ve debugged it that far). That should not be >>>>>> the case - as it is an ECDSA Cert, right? >>>> >>>>> I don't think so. >>>> >>>>> I'm seeing ECHD/RSA ciphers in the output and I am not >>>>> getting that warning. >>>> >>>>> My reading of a couple of questions on stack exchange >>>>> suggests RSA vs DSA ciphers depends on how the CA signs the >>>>> cert. My test CA signs with RSA. >>>> > >> Root and Intermediate are RSA-signed. > >> Cert is: Signature Algorithm ECDSA with SHA256 Server key >> size EC 256 bits > > >>>> DSA is almost never used. Nearly 100% of keys in the world >>>> are plain-RSA or EC. I know of no CA that uses DSA for >>>> signing. So pretty much every cert you will come across will >>>> be EC-with-RSA or RSA-with-RSA (that's >>>> keytype-with-signature-type). > > Obviously, the above is a mixture of half-truths and irrelevant > information. I was thinking of RSA versus DSA keys, not ECDSA as a > signature algorithm in its own right. > >> Maybe I’m causing a lot of hassle by asking these questions. So >> far I was happy to get a cert with a key, drop it in the right >> spot and all worked well. If I stick to RSA that should stay like >> this. The choice of RSA versus ECDSA is really up to you. Modern TLS will use ECDH for key agreement regardless of the certificate. This is how you get your forward-secrecy and it's a Good Thing. RSA and ECDSA certs are only used for authentication (checking the identity and trust of the site). RSA requires more CPU time for an equivalent-strength ECSDA key, so the obvious choice is ECDSA, right? Well, maybe not. Evidently, RSA is more resistant to quantum attacks (which are officially theoretical ATM), so RSA with a big-old key is your best bet if you are wearing a nice, thick tin-foil hat. Frankly, since the authentication step is quite short compared to the bulk encryption (which usually uses AES or some similarly fast symmetric encryption algorithm), the choice comes down to user preference. There is no clear winner for RSA versus ECSDA for certificates. But all software should work with all available primitives. So if Tomcat can't handle this for some reason and you just happen to be the first person to hit it, let's get it fixed (with respect and thanks to markt's efforts). The last thing we need is a monoculture where everything is using ECDH for key agreement (which is, AIUI, mathematically correct), RSA for authentication, AES for encryption, and SHA256 for signing. IF everyone is using the same cipher suite, then it means (a) the Bad Guys have an obvious target and (b) any problem with the design or implementation of that cipher suite, TLS, or e.g. OpenSSL means that the whole world is suddenly vulnerable. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4bTf4ACgkQHPApP6U8 pFj3/A//QndJMeUl7fJLo/61IFaSLpHTvMEwRVPLBLGSNpAF+P4U8/gpWsHJtDGD T2PuVyKLLy/Skb69sgFzb1r+Un2+7pTTPp2M+hPEVH09wBVis2RDRefUJH/b5Eyp /gUp7f7o01UjHw484/ocTzRedlv5ZoHN+9V+7dNBXOuvucwu1YWnyO6gd9oHAZkj //Hopus4R/oS47wGY64fiwD2Xqr8FkxLx7c1zfWCiGETQF+Q2AYslccZE+5jevSs EZiqwmgHYbzJqikJxpqg80pX4lcXwZxUllvvpMCxvPndlB36Azy5p0DXsni42uet hjDpJEtQYsdABP5ODGivQEv/rucq7phaehNuobPJUtmIKiAmapDj8T2BSld1f0CB S85rSbSJGM5/hnv92t0sz3ZMZHKdJyiu73E2YMd31kBJtV94cV71sOcpCByN698c d59RTYVbqP7VsXP/1TYR4EaqIqyruPa3u1v6zx23/DlafWFCmvoxUiBXiozYZ/4F ePFJ2PiUXAyhy/WA3xTD95FbRqs+ip9W0P7VNiuPHLbSrumPpawy/AOXtYWxbsp9 PQdwdbu7oK8SuPCLSj4S/oFn6P+jZ1TJ+rZXZhuc+pjAprZVSI5J7VkupNmPDVNb STEjG/LwasiaJPkO8/AC6n3EVhMye8ZsXX2XIzhBs0m1TpGCumI= =18Im -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org