Re: Java Client/SSL.jar interop problems with SSLEAY.

David Brownell (db@Eng)
Mon, 05 Oct 1998 12:30:53 -0700

Note that Eric Young has had some curious
interpretations of the spec in that area in
the past -- hard to say what the problem
really is until more investigation happens.
That includes Sun knowing which versions of
all the packages you're using.

Also, Eric did go to considerable length
to ensure that everyone was aware of his
DHE_DSS support before it became part of
the mainstream SSLEay release around April,
and test against it. (With TLS support,
this was a critical issue since TLS made
DHE_DSS mandatory.)

Point being: right now, we may be better
advised to accept Eric's interpretation
than to do anything else, even if there
are other defensible interpretations of
the spec(s). It's that widely deployed.

- Dave

Jeff Nisewanger wrote:
>
> > Exception while reading/writing data Server key,
> > java.security.SignatureException: invalid encoding for signature
> > javax.net.ssl.SSLException: Server key, java.security.SignatureException:
> > invalid encoding for signature
> > at
> > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:157)
> > at sun.security.ssl.Handshaker.process_record(Compiled Code)
> > at sun.security.ssl.SSLSocketImpl.clearPipeline(Compiled Code)
> > at sun.security.ssl.SSLSocketImpl.write(Compiled Code)
> > at sun.security.ssl.AppOutputStream.write(Compiled Code)
> > at DH.<init>(Compiled Code)
> > at DH.main(DH.java:77)
>
> Sigh. This may be a bug in our handling of the signature element
> in the Server Key Exchange message in SSL_DHE_DSS_* cipher suites.
> Apparently we are not encoding/decoding the 16-bit length header before
> the signature bits correctly.
>
> > I'd be happy to mail the secserver file and certs if anyone is interested.
>
> Sure. Please send these to me directly.
>
>
>
> Jeff