Two SslContextFactory with Conscrypt, Client & Server TLSv1.3

[readonlynetwork]

Exception is thrown when I use Conscrypt provider with TLSv1.3 at different SslContextFactory object at the same time.

Client threw Error:

java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: java.lang.IllegalArgumentException: TLSv1.3
	at org.eclipse.jetty.client.util.FutureResponseListener.getResult(FutureResponseListener.java:118)
	at org.eclipse.jetty.client.util.FutureResponseListener.get(FutureResponseListener.java:101)
	at org.eclipse.jetty.client.HttpRequest.send(HttpRequest.java:683)
	at com.readonlynetwork.prepare.SelfSignedCert.main(SelfSignedCert.java:270)
Caused by: javax.net.ssl.SSLHandshakeException: java.lang.IllegalArgumentException: TLSv1.3
	at org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:361)
	at org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1158)
	at org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1113)
	at org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:861)
	at org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:733)
	at org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:698)
	at org.conscrypt.Java8EngineWrapper.unwrap(Java8EngineWrapper.java:236)
	at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:578)
	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:128)
	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:73)
	at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:133)
	at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:155)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
	at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:427)
	at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:321)
	at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:132)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.cert.CertificateException: java.lang.IllegalArgumentException: TLSv1.3
	at org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1661)
	at org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
	at org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:531)
	at org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1119)
	at org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1103)
	... 23 more
Caused by: java.lang.IllegalArgumentException: TLSv1.3
	at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:258)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
	at org.conscrypt.Java7PlatformUtil.checkServerTrusted(Java7PlatformUtil.java:78)
	at org.conscrypt.Platform.checkServerTrusted(Platform.java:303)
	at org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1653)
	... 27 more

[readonlynetwork]

I use OpenJDK 1.8 and Conscrypt 2.0.0, Embedding Jetty HttpClient & HttpServer

2019-03-28 13:22:11.409:INFO::Thread-1: Logging initialized @1452ms to org.eclipse.jetty.util.log.StdErrLog
2019-03-28 13:22:11.638:INFO:oejs.Server:Thread-1: jetty-9.4.15.v20190215; built: 2019-02-15T16:53:49.381Z; git: eb70b240169fcf1abbd86af36482d1c49826fa0b; jvm 1.8.0_191-8u191-b12-2ubuntu0.18.04.1-b12
2019-03-28 13:22:11.678:INFO:oejsh.ContextHandler:Thread-1: Started o.e.j.s.h.ContextHandler@34f886fb{/stop,null,AVAILABLE,127.0.0.1}
2019-03-28 13:22:11.679:INFO:oejsh.ContextHandler:Thread-1: Started o.e.j.s.h.ContextHandler@4cc02011{/other,null,AVAILABLE}
2019-03-28 13:22:11.695:INFO:oejus.SslContextFactory:Thread-1: x509=X509@3ee11e05(server1,h=[server.name, testname2],w=[]) for SslContextFactory@61c6a19e[provider=Conscrypt,keyStore=null,trustStore=null]
2019-03-28 13:22:11.758:WARN:oejusS.config:Thread-1: No Client EndPointIdentificationAlgorithm configured for SslContextFactory@61c6a19e[provider=Conscrypt,keyStore=null,trustStore=null]
2019-03-28 13:22:11.779:INFO:oejs.AbstractConnector:Thread-1: Started ServerConnector@5be6ee6f{SSL,[ssl, http/1.1]}{0.0.0.0:50443}
2019-03-28 13:22:11.780:INFO:oejs.Server:Thread-1: Started @1822ms
2019-03-28 13:22:13.451:INFO:oejus.SslContextFactory:main: x509=X509@37374a5e(client,h=[testname],w=[]) for SslContextFactory@4671e53b[provider=Conscrypt,keyStore=null,trustStore=null]

[readonlynetwork]

• No error if I not use Conscrypt at the Client or at the Server OR I disable TLSv1.3 at the client or at the server.
• Same error if i not set scf.setIncludeProtocols(new String[] {"TLSv1.2", "TLSv1.3"}); at client.

Server:

SslContextFactory scf = new SslContextFactory();
//scf.setWantClientAuth(true);//no need just enabled
scf.setNeedClientAuth(true);
scf.setProvider("Conscrypt");//enable chacha20, x25519 and others BUT still disable SNI
scf.setKeyStorePassword(new String(keyPassword));
scf.setKeyStore(serverKeyStore);
scf.setTrustStore(clientTrustStore);
scf.setTrustStorePassword(null);
//scf.setCipherComparator(HTTP2Cipher.COMPARATOR);
scf.setEndpointIdentificationAlgorithm(null);// no check client name
//exclude
scf.addExcludeCipherSuites(".*NULL.*");
scf.addExcludeCipherSuites(".*RC4.*");
scf.addExcludeCipherSuites(".*MD5.*");
scf.addExcludeCipherSuites(".*SHA1.*");
scf.addExcludeCipherSuites(".*DES.*");
scf.addExcludeCipherSuites(".*DSS.*");
scf.addExcludeCipherSuites(".*RSA.*");
scf.addExcludeCipherSuites(".*ECDH_.*");
scf.addExcludeProtocols("SSL");
scf.addExcludeProtocols("SSLv2");
scf.addExcludeProtocols("SSLv2Hello");
scf.addExcludeProtocols("SSLv3");
scf.addExcludeProtocols("TLSv1");
scf.addExcludeProtocols("TLSv1.0");
scf.addExcludeProtocols("TLSv1.1");
//enabled
scf.setIncludeProtocols(new String[] {"TLSv1.2", "TLSv1.3"});
scf.setIncludeCipherSuites(new String[] {
		"TLS_AES_256_GCM_SHA384",//TLSv1.3
		"TLS_CHACHA20_POLY1305_SHA256",//TLSv1.3, Conscrypt
		"TLS_AES_128_GCM_SHA256",//TLSv1.3
		"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",//TLSv1.2
		"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",//TLSv1.2, Conscrypt
		"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"//TLSv1.2
});
//TLS renegotiation could be disabled too to prevent an attack based on this feature.
scf.setRenegotiationAllowed(false);

Client:

SslContextFactory scf = new SslContextFactory();
scf.setProvider("Conscrypt");//enable chacha20, x25519 and others BUT still disable SNI
scf.setKeyStorePassword(new String(keyPassword));
scf.setKeyStore(clientKeyStore);
scf.setTrustStore(clientTrustStore);
scf.setTrustStorePassword(null);
scf.setEndpointIdentificationAlgorithm("https");// check end point
//exclude
scf.addExcludeCipherSuites(".*NULL.*");
scf.addExcludeCipherSuites(".*RC4.*");
scf.addExcludeCipherSuites(".*MD5.*");
scf.addExcludeCipherSuites(".*SHA1.*");
scf.addExcludeCipherSuites(".*DES.*");
scf.addExcludeCipherSuites(".*DSS.*");
scf.addExcludeCipherSuites(".*ECDH_.*");
scf.addExcludeProtocols("SSL");
scf.addExcludeProtocols("SSLv2");
scf.addExcludeProtocols("SSLv2Hello");
scf.addExcludeProtocols("SSLv3");
scf.addExcludeProtocols("TLSv1");
scf.addExcludeProtocols("TLSv1.0");
scf.addExcludeProtocols("TLSv1.1");
//enabled
scf.setIncludeProtocols(new String[] {"TLSv1.2", "TLSv1.3"});
//TLS renegotiation could be disabled too to prevent an attack based on this feature.
scf.setRenegotiationAllowed(false);

[readonlynetwork]

Is it a Conscrypt bug?

[joakime]

jvm 1.8.0_191-8u191-b12-2ubuntu0.18.04.1-b12 <-- Java 8 does not support TLSv1.3 (Support in the JVM and Java APIs for TLSv1.3 was introduced in Java 11)
The fact that conscrypt uses org.conscrypt.Java7PlatformUtil is also telling that conscrypt is running in the older JVM and APIs (that was added in Java 11)

Try your experiments with conscrypt again, but use Java 12
But keep in mind ... https://webtide.com/openjdk-11-and-tls-1-3-issues/

[readonlynetwork]

But server still Work with 1.3, and I am able to connect to server with a chrome browser:

Certificate - missing
This site is missing a valid, trusted certificate (net::ERR_CERT_AUTHORITY_INVALID).
Connection - secure connection settings
The connection to this site is encrypted and authenticated using TLS 1.3, X25519, and AES_128_GCM.

[readonlynetwork]

Is it possible to get programmatically the SSL information from connection with Jetty Client? (Server cert, Cipher Suit etc.)

[readonlynetwork]

Is it possible to set trust manager in Jetty HttpClient?

If you want to use TLS 1.3 with Conscrypt on one of those versions, you need to use Conscrypt's trust manager... - Conscrypt

[joakime]

If you want to use TLS 1.3 with Conscrypt on one of those versions, you need to use Conscrypt's trust manager... - Conscrypt

Is it possible to set trust manager in Jetty HttpClient?

You could override the SslContextFactory to do that. (ugly, but we've never had the need to customize the TrustManager before this)

protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception

Make that return the TrustManager array you need SslContextFactory to use?

---

@gregw @sbordet is this something we want to make easier to configure in SslContextFactory ?
At a bare minimum we'd need to support the alternate usage with Provider on the TrustManagerFactory, aka TrustManagerFactory.getInstance(String algorithm, String provider).
See: https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/TrustManagerFactory.html#getInstance-java.lang.String-java.lang.String-

Conscrypt has it's own Provider specific TrustManagerFactory ... https://github.com/google/conscrypt/blob/master/common/src/main/java/org/conscrypt/TrustManagerFactoryImpl.java

[joakime]

@readonlynetwork can you try branch jetty-9.4.x-issue-3540-ssl-provider-consistency and see if it improves things for you?

[joakime]

@readonlynetwork note, the work on Issue #3540 has now been merged into jetty-9.4.x branch. (branch jetty-9.4.x-issue-3540-ssl-provider-consistency no longer exists)

[readonlynetwork]

So is it released as 9.4.16? Will it apear in maven as jetty-all (uber)? Then I will try it asap.

[joakime]

@readonlynetwork please use the jetty dependencies properly. jetty-all is meant for the tutorial section of the documentation, that's all it exists for.

https://www.eclipse.org/lists/jetty-users/msg06030.html

[readonlynetwork]

Conscrypt does not support scf.setEndpointIdentificationAlgorithm("https");
The default setting of SslContextFactory.Client with Conscrypt cause a error

[readonlynetwork]

It work well with TLSv1.3! Nice!
Is it possible to get the ssl session info from response at Jetty client?
Example from Java 11 api: https://docs.oracle.com/en/java/javase/11/docs/api/java.net.http/java/net/http/HttpResponse.html#sslSession()

[sbordet]

@readonlynetwork please open an new issue for the Response.sslSession() enhancement.

[readonlynetwork]

#3553

[joakime]

Closing this issue, as followup issue #3553 has been opened