New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TPS ECC: when TPS server acts as an ECC SSL client to CA, TKS, or DRM, it needs to support ECC ciphers and proper public key encoding #812
Comments
Comment from cfu (@cfu) at 2012-08-15 07:53:28 cipher list now match what other servers support |
Comment from cfu (@cfu) at 2012-08-15 07:55:20 Note: As stated in the Description. Most of the ciphers were already added. This patch match the ciphers to that of the other CS servers and were tested and verified with ssltap. |
Comment from cfu (@cfu) at 2012-08-23 23:00:19 RHCS81 ECC Errata checkin: httpClient]$ svn commit engine.cpp |
Comment from cfu (@cfu) at 2012-08-23 23:02:40 RHCS 8.2 checkin httpClient]$ svn commit |
Comment from cfu (@cfu) at 2012-08-24 00:40:12 DOGTAG_9_BRANCH checkin [cfu@glyph pki]$ git push |
Comment from cfu (@cfu) at 2012-08-24 00:49:37 master checkin httpClient]$ git push |
Comment from nkinder (@nkinder) at 2017-02-27 14:09:34 Metadata Update from @nkinder:
|
This issue was migrated from Pagure Issue #241. Originally filed by nkinder (@nkinder) on 2012-07-20 00:09:24:
TPS is a server to smart card tokens and clients, but it is also a client to the other CS subsystems (CA, DRM, TKS). When in the ECC environment, TPS currently does not have the ciphers nor does it do the correct public key encoding.
We need to make sure it does those things before it can talk to any of those servers.
investigation shows that the misleading NSS error: SEC_ERROR_INVALID_ALGORITHM (-8186) was actually caused by NSS token not logged in at startup. And the reason why it was not logged in was because the password was somehow not stored in the password.conf for some reason.
As for ECC ciphers, as it turns out, I have put in the ECC ciphers in this area last round (though most likely untested). The ciphers still need to be tidied up regardless, because it contains unsupported ciphers as well (they were clearly not cleaned up last round). The public key decryption flag was passed in correctly.
The bug will remain to capture the cipher clean up effort.
The text was updated successfully, but these errors were encountered: