grpc / grpc-java

The Java gRPC implementation. HTTP/2 based RPC
https://grpc.io/docs/languages/java/
Apache License 2.0
11.48k stars, 3.86k forks

Investigate TLSv1.3 with Conscrypt #7765

Open ejona86 opened 3 years ago

ejona86 commented 3 years ago

For some reason Conscrypt is incompatible with TLSv1.3 in ways that I wouldn't expect. It is known incompatible with the default TrustManager on older JDKs because those don't support TLSv1.3. But I explicitly constructed a TrustManagerFactory with the Conscrypt provider and passed it to sslContextBuilder.trustManager(TrustManagerFactory) and it still failed (the stack trace makes it seem like it didn't use the TrustManager I provided):

JDK 8u232 (TlsTest)

java.security.cert.CertificateException: java.lang.IllegalArgumentException: TLSv1.3
    at org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1654)
    at org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
    at org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:567)
    at org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1097)
    at org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1081)
    ... 26 more

    Caused by:
    java.lang.IllegalArgumentException: TLSv1.3
        at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:266)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
        at org.conscrypt.Platform.checkServerTrusted(Platform.java:330)
        at org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1646)
        ... 30 more

But there are incompatibilities with JDK 8u275, which supports TLSv1.3, which is super-unfortunate:

java.security.cert.CertificateException: Unknown authType: GENERIC
    at sun.security.validator.EndEntityChecker.checkTLSServer(EndEntityChecker.java:289)
    at sun.security.validator.EndEntityChecker.check(EndEntityChecker.java:144)
    at sun.security.validator.Validator.validate(Validator.java:284)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:278)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
    at org.conscrypt.Platform.checkServerTrusted(Platform.java:330)
    at org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1646)
    at org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
    at org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:567)
    at org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1097)
    at org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1081)

fbacchella commented 3 years ago

Conscrypt needs to use its own TrustManager when talking to TLS 1.3. For my own code, I needed to explicitly resolve it and use the PKIX algorithm.
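
The workaround described in this comment, written out as an added example (not code from grpc-java, Conscrypt, or the commenter): the TrustManagerFactory is resolved from the Conscrypt provider with the PKIX algorithm instead of the platform default, checked to be Conscrypt's own classes rather than sun.security.ssl.X509TrustManagerImpl (the class throwing in the traces above), and then passed to gRPC's Netty SslContextBuilder. It assumes grpc-netty, netty-handler and conscrypt-openjdk-uber on the classpath and a caller-supplied KeyStore of trusted roots.

```java
import io.grpc.netty.GrpcSslContexts;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.security.KeyStore;
import java.security.Provider;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.conscrypt.Conscrypt;

public final class ConscryptTls13Client {

  /** Resolves a TrustManagerFactory from the Conscrypt provider using the PKIX algorithm. */
  static TrustManagerFactory conscryptTrustManagers(Provider conscrypt, KeyStore trustStore)
      throws Exception {
    // Ask the Conscrypt provider directly. Default resolution on JDK 8 returns
    // sun.security.ssl.X509TrustManagerImpl, which rejects TLSv1.3 / authType GENERIC.
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", conscrypt);
    tmf.init(trustStore); // assumption: a caller-managed store of trusted roots
    return tmf;
  }

  /** Check that every resolved TrustManager actually comes from Conscrypt. */
  static boolean allFromConscrypt(TrustManagerFactory tmf) {
    for (TrustManager tm : tmf.getTrustManagers()) {
      if (!tm.getClass().getName().startsWith("org.conscrypt.")) {
        return false;
      }
    }
    return true;
  }

  /** Builds a client SslContext that uses Conscrypt for both the engine and trust checks. */
  static SslContext buildClientContext(KeyStore trustStore) throws Exception {
    Provider conscrypt = Conscrypt.newProvider();
    TrustManagerFactory tmf = conscryptTrustManagers(conscrypt, trustStore);
    if (!allFromConscrypt(tmf)) {
      throw new IllegalStateException("TrustManagerFactory did not resolve to Conscrypt classes");
    }
    // GrpcSslContexts.configure(builder, Provider) sets the JDK SslProvider, gRPC's
    // cipher list, ALPN for h2, and sslContextProvider(conscrypt) so the SSLContext
    // itself is also created by Conscrypt.
    return GrpcSslContexts.configure(SslContextBuilder.forClient(), conscrypt)
        .trustManager(tmf)
        .build();
  }
}
```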

ejona86 commented 2 years ago

"Unknown authType: GENERIC" is discussed in https://github.com/google/conscrypt/issues/1033

rbebb commented 7 months ago

Out of curiosity, is TLS 1.3 support expected to be addressed?