[ https://issues.apache.org/jira/browse/KAFKA-3647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15270467#comment-15270467 ]
Elvar commented on KAFKA-3647:
------------------------------

Tried recreating the JKS's and this is how I did it
{code}
# Generate the CA cert and key:
openssl req -new -x509 -keyout ca.key -out ca.cert -days 3650 -subj "/C=IS/ST=Reykjavik/L=Reykjavik/O=M/OU=Mon/CN=kafka.local" -nodes

# Import CA cert to server truststore:
keytool -keystore kafka.server.truststore.jks -alias CARoot -import -file ca.cert -storepass pass -noprompt

# Import CA cert to client truststore:
keytool -keystore kafka.client.truststore.jks -alias CARoot -import -file ca.cert -storepass pass -noprompt

# Create server keystore and key:
keytool -keystore kafka.server.keystore.jks -alias confluent-1 -validity 3650 -genkey -storepass pass -keypass pass -dname "CN=confluent-1, OU=Mon, O=M, L=Reykjavik, S=Reykjavik, C=IS"

# Create server CSR:
keytool -keystore kafka.server.keystore.jks -alias confluent-1 -certreq -file server.csr -storepass pass

# Sign server CSR with CA key:
openssl x509 -req -CA ca.cert -CAkey ca.key -in server.csr -out server.signed -days 3650 -CAcreateserial -passin pass:pass

# Import CA to the server keystore:
keytool -keystore kafka.server.keystore.jks -alias CARoot -import -file ca.cert -storepass pass -noprompt

# Import signed server cert to server keystore:
keytool -keystore kafka.server.keystore.jks -alias confluent-1 -import -file server.signed -storepass pass -noprompt

# Create client keystore and key:
keytool -keystore kafka.client.keystore.jks -alias workclient -validity 3650 -genkey -storepass pass -keypass pass -dname "CN=workclient, OU=Mon, O=M, L=Reykjavik, S=Reykjavik, C=IS"

# Create client CSR:
keytool -keystore kafka.client.keystore.jks -alias workclient -certreq -file client.csr -storepass pass

# Sign client CSR with CA key:
openssl x509 -req -CA ca.cert -CAkey ca.key -in client.csr -out client.signed -days 3650 -CAcreateserial -passin pass:pass

# Import CA cert to the client keystore:
keytool -keystore kafka.client.keystore.jks -alias CARoot -import -file ca.cert -storepass pass -noprompt

# Import signed client cert to client keystore:
keytool -keystore kafka.client.keystore.jks -alias workclient -import -file client.signed -storepass pass -noprompt
{code}
sslscan still reports only DSS cyphers.

Using groovy and a simple command I am able to extract available ciphers in detail
{code}
groovy:000> java.security.Security.providers.each{p->p.getServices().each{s->println s}}
{code}
Here is my output

> Unable to set a ssl provider
> ----------------------------
>
> Key: KAFKA-3647
> URL: https://issues.apache.org/jira/browse/KAFKA-3647
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 0.9.0.1
> Environment: Centos, OracleJRE 8, Vagrant
> Reporter: Elvar
>
> When defining a ssl provider Kafka does not start because the provider was not found.
> {code}
> [2016-05-02 13:48:48,252] FATAL [Kafka Server 11], Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
> org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: java.security.NoSuchProviderException: no such provider: sun.security.ec.SunEC
>         at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:44)
> {code}
> To test
> {code}
> /bin/kafka-server-start /etc/kafka/server.properties --override ssl.provider=sun.security.ec.SunEC
> {code}
> This is stopping us from talking to Kafka with SSL from Go programs because no common cipher suites are available.
> Using sslscan this is available from Kafka
> {code}
> Supported Server Cipher(s):
>     Accepted  TLSv1  256 bits  DHE-DSS-AES256-SHA
>     Accepted  TLSv1  128 bits  DHE-DSS-AES128-SHA
>     Accepted  TLSv1  128 bits  EDH-DSS-DES-CBC3-SHA
>     Accepted  TLS11  256 bits  DHE-DSS-AES256-SHA
>     Accepted  TLS11  128 bits  DHE-DSS-AES128-SHA
>     Accepted  TLS11  128 bits  EDH-DSS-DES-CBC3-SHA
>     Accepted  TLS12  256 bits  DHE-DSS-AES256-GCM-SHA384
>     Accepted  TLS12  256 bits  DHE-DSS-AES256-SHA256
>     Accepted  TLS12  256 bits  DHE-DSS-AES256-SHA
>     Accepted  TLS12  128 bits  DHE-DSS-AES128-GCM-SHA256
>     Accepted  TLS12  128 bits  DHE-DSS-AES128-SHA256
>     Accepted  TLS12  128 bits  DHE-DSS-AES128-SHA
>     Accepted  TLS12  128 bits  EDH-DSS-DES-CBC3-SHA
> Preferred Server Cipher(s):
>     SSLv2  0 bits    (NONE)
>     TLSv1  256 bits  DHE-DSS-AES256-SHA
>     TLS11  256 bits  DHE-DSS-AES256-SHA
>     TLS12  256 bits  DHE-DSS-AES256-GCM-SHA384
> {code}
> From the Golang documentation these are available there
> {code}
> TLS_RSA_WITH_RC4_128_SHA                uint16 = 0x0005
> TLS_RSA_WITH_3DES_EDE_CBC_SHA           uint16 = 0x000a
> TLS_RSA_WITH_AES_128_CBC_SHA            uint16 = 0x002f
> TLS_RSA_WITH_AES_256_CBC_SHA            uint16 = 0x0035
> TLS_RSA_WITH_AES_128_GCM_SHA256         uint16 = 0x009c
> TLS_RSA_WITH_AES_256_GCM_SHA384         uint16 = 0x009d
> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        uint16 = 0xc007
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    uint16 = 0xc009
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    uint16 = 0xc00a
> TLS_ECDHE_RSA_WITH_RC4_128_SHA          uint16 = 0xc011
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     uint16 = 0xc012
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      uint16 = 0xc013
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      uint16 = 0xc014
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   uint16 = 0xc02f
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   uint16 = 0xc030
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc02c
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
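
Added example, not part of the JIRA thread or of Kafka: it classifies the suites from the sslscan output and from the Go constant list quoted above by the certificate key type each one requires, which shows why the two sides have nothing in common. The function and variable names are hypothetical, and only the suite families that appear in this message are recognised.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// OpenSSL-style names copied from the sslscan output quoted in the issue.
var brokerSuites = []string{
	"DHE-DSS-AES256-SHA", "DHE-DSS-AES128-SHA", "EDH-DSS-DES-CBC3-SHA",
	"DHE-DSS-AES256-GCM-SHA384", "DHE-DSS-AES256-SHA256",
	"DHE-DSS-AES128-GCM-SHA256", "DHE-DSS-AES128-SHA256",
}

// IANA names copied from the Go constant list quoted in the issue.
var goSuites = []string{
	"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
	"TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
}

// keyTypeOf maps an authentication token to the certificate key type it needs.
func keyTypeOf(token string) string {
	switch token {
	case "DSS":
		return "DSA"
	case "ECDSA":
		return "EC"
	case "RSA":
		return "RSA"
	}
	return ""
}

// authFromOpenSSL scans the dash-separated tokens of an OpenSSL-style name.
func authFromOpenSSL(name string) string {
	for _, tok := range strings.Split(name, "-") {
		if kt := keyTypeOf(tok); kt != "" {
			return kt
		}
	}
	return "other"
}

// authFromIANA reads the last token before _WITH_ in a TLS_<kx>_<auth>_WITH_<cipher> name.
func authFromIANA(name string) string {
	head := strings.SplitN(strings.TrimPrefix(name, "TLS_"), "_WITH_", 2)[0]
	toks := strings.Split(head, "_")
	if kt := keyTypeOf(toks[len(toks)-1]); kt != "" {
		return kt
	}
	return "other"
}

// keyTypes returns the sorted set of certificate key types a suite list needs.
func keyTypes(suites []string, classify func(string) string) []string {
	seen := map[string]bool{}
	for _, s := range suites {
		seen[classify(s)] = true
	}
	out := make([]string, 0, len(seen))
	for k := range seen {
		out = append(out, k)
	}
	sort.Strings(out)
	return out
}

// shared returns the key types present on both sides; a handshake needs at least one.
func shared(a, b []string) []string {
	out := []string{}
	for _, x := range a {
		for _, y := range b {
			if x == y {
				out = append(out, x)
			}
		}
	}
	return out
}

// clientSuitesFor lists the Go suites that a certificate of the given key type can authenticate.
func clientSuitesFor(keyType string) []string {
	out := []string{}
	for _, s := range goSuites {
		if authFromIANA(s) == keyType {
			out = append(out, s)
		}
	}
	return out
}

func main() {
	broker := keyTypes(brokerSuites, authFromOpenSSL)
	client := keyTypes(goSuites, authFromIANA)
	fmt.Println("broker suites need key types:", broker)
	fmt.Println("Go suites need key types:   ", client)
	fmt.Println("shared key types:           ", shared(broker, client))
	for _, kt := range client {
		fmt.Printf("a %s server key matches %d of the listed Go suites\n", kt, len(clientSuitesFor(kt)))
	}
}
```

Every suite the broker accepts is DSS-authenticated, which is what a server presenting a DSA key offers; on Java 8, `keytool -genkey` without `-keyalg` generates a DSA key pair. `keytool -list -v` on the server keystore shows the key algorithm actually in use.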