Jetty behaviour for Single domain with RSA and ECDSA certs

[DhruvAShah]

Jetty version(s) jetty-9.4.48.v20220622

Jetty Environment NA

Java version/vendor (use: java -version) openjdk version "1.8.0_362" OpenJDK Runtime Environment (build 1.8.0_362-b09) OpenJDK 64-Bit Server VM (build 25.362-b09, mixed mode)

OS type/version AlmaLinux release 8.6 (Sky Tiger)

Description We have below implementation on server side,

• Server (jetty version mentioned above) is configured with key store with both RSA and ECDSA certificates (SAN)
• Client communicates with server over IP address (without SNI) with cipher and signature algorithms sent with RSA over top

Current Behavior: Server communicates over ECDSA even when client prefers RSA as signature algorithm & Cipher as well

Expected Behavior: Server should communicate over RSA instead ECDSA

How to reproduce? Run the below command to reproduce the issue when server us configured for both ECDSA and RSA certificates for single domain, openssl s_client -connect ip:port -sigalgs RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ECDSA+SHA224:ed25519:ed448

Additional Comments :

• How does Jetty handle SSL/TLS communication for IP-based client connections(without SNI)?
• How does Jetty's load SSL_CTX , select certificates when both ECDSA and RSA are in the keystore?
• How do signature algorithms and ciphers work in Jetty SSL_CTX for IP-based clients without SNI?

[sbordet]

Jetty 9 is at End of Community Support, see #7958.

Please upgrade to Jetty 12 and a recent version of Java too.

Likely your problems will go away with a more modern version of Java.

[DhruvAShah]

Thanks @sbordet ! will sure consider your advice but do we have any answer to the same rather then option ti upgrade

[joakime]

@DhruvAShah no. Jetty 9 is at End of Community Support. If you want support for Jetty 9, then that is only available under a Support Contract.

• 7958

The only version of Jetty that is community supported right now is Jetty 12.

When using SSL/TLS on Java on the public internet is is absolutely critical to stay up to date with the Java JVM.

That's because the Java JVM does most of the heavy lifting with SSL/TLS and the Java JVM is updated very regularly to address industry wide changes in crypto quite frequently.

See: https://www.java.com/en/jre-jdk-cryptoroadmap.html

Also note from that crypto roadmap ..

• that RSA is severely hampered at the Java JVM level due to all manner of restrictions placed on it (eg: various minimum requirements of the TLS level, minimum requirements on the certificate, minimum requirements on the selected cipher suite, etc). Its effectively useless anymore, and getting a successful negotiation with RSA is quite rare. These restrictions also exist on just about every Browser implementation now, along with all manner of hardware intermediaries. (We know of no current Browser that is able to negotiate with RSA against a modern Java JVM)
• that ECDSA on OpenJDK is only available when backed with cipher suites that use ECDH* as well. The ECDH based cipher suites are severely restricted right now, and will be 100% disabled across Java on Oct 15th of 2024.

[DhruvAShah]

Thanks @joakime !! Can you atleast confirm that this version supports certificate signed with SHA-1 signature algorithms ?

[joakime]

@DhruvAShah read the JDK crypto roadmap - https://www.java.com/en/jre-jdk-cryptoroadmap.html Your questions are answered there.