Having trouble getting Oracle SSLEngineSimpleDemo.java working


I took the following example and moved code around so it better simulates an actual client and an actual server where

  • the server only has access to the trust store file
  • the client only has access to the client keystore file

At least in TLSv1.2, that is how it worked. After I rework the code so there are two SSL contexts (one server side and one client side), it blows up and does not work

 javax.net.ssl.SSLHandshakeException: No available authentication scheme

The code I reworked now reads like this

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

private SSLContext clientCtx;
private SSLContext serverCtx;

public SSLEngineSimpleDemo() throws Exception {

    // FileFactory is the project's own helper for resolving test resource paths
    File baseWorkingDir = FileFactory.getBaseWorkingDir();
    File keyStoreFile = FileFactory.newFile(baseWorkingDir, "src/test/resources/client2.keystore");

    char[] passphrase = "123456".toCharArray();

    // Client context: key managers loaded from client2.keystore, no trust managers
    KeyStore ks = KeyStore.getInstance("JKS");
    try (FileInputStream in = new FileInputStream(keyStoreFile)) {
        ks.load(in, passphrase);
    }
    clientCtx = SSLContext.getInstance("TLS");

    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, passphrase);
    clientCtx.init(kmf.getKeyManagers(), null, null);

    File trustStoreFile = FileFactory.newFile(baseWorkingDir, "src/test/resources/server2.keystore");

    // Server context: trust managers loaded from server2.keystore, no key managers
    KeyStore ts = KeyStore.getInstance("JKS");
    try (FileInputStream in = new FileInputStream(trustStoreFile)) {
        ts.load(in, passphrase);
    }
    serverCtx = SSLContext.getInstance("TLS");

    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(ts);
    serverCtx.init(null, tmf.getTrustManagers(), null);
}

I have code like this that works on TLSv1.2, so I am not sure why in TLSv1.3 this is not working anymore.

  • What do I have wrong here?
  • Is my assumption correct in that the trustStoreFile is my private server key?
  • Is my assumption correct in that the clientStoreFile is my public key?
  • Is my assumption correct in that the server only needs the private key?
  • Is my assumption correct in that the client only needs the public key?

Java version: /Library/Java/JavaVirtualMachines/jdk-11.0.5.jdk


The exception javax.net.ssl.SSLHandshakeException: No available authentication scheme happens when the operating system running your server doesn't support the authentication method the JVM is looking for.

Additionally, TLSv1.3 can be explicitly specified when instantiating an SSL context.

Change your clientCtx = SSLContext.getInstance("TLS"); to clientCtx = SSLContext.getInstance("TLSv1.3");

and

serverCtx = SSLContext.getInstance("TLS"); to serverCtx = SSLContext.getInstance("TLSv1.3");

Note: SSLContext supports more options such as SSLv3, TLSv1, TLSv1.1, TLSv1.2


OMG, I am an idiot. The issue was my key generation script naming the first thing client2.keystore (which was the server2.keystore).

Once I fixed the script to generate the private key/public key pair into server2.keystore (instead of the mistake of client2.keystore), exported, and imported the public key into client2.keystore, it all worked.

I should have provided that script :(.
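As an added example (not code from the question or from either answer), here is the two-context arrangement wired the way the fix above describes: only the server loads the keystore holding the private key and certificate, and only the client loads the truststore holding the exported certificate. The file paths, the alias, and the keytool commands in the leading comment are assumptions standing in for the asker's script. The example also follows the first answer in asking for "TLSv1.3" explicitly, and it drives a complete handshake between two SSLEngine instances in memory followed by one application record, so a store loaded on the wrong side surfaces as an SSLHandshakeException from wrap or unwrap rather than as a silent misconfiguration. A server context initialised with null key managers falls back to the JDK's default KeyManager, which carries no credentials unless the javax.net.ssl.keyStore system property is set, and such a server has nothing to authenticate with.

```java
import java.io.FileInputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.TrustManagerFactory;

public class TwoContextHandshake {
    // Assumed key material, produced with keytool (hypothetical commands, not the asker's script):
    //   keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 365 -dname "CN=localhost" \
    //       -keystore server2.keystore -storepass 123456 -keypass 123456
    //   keytool -exportcert -alias server -keystore server2.keystore -storepass 123456 -file server.cer
    //   keytool -importcert -alias server -file server.cer -keystore client2.keystore -storepass 123456 -noprompt
    // server2.keystore holds the private key plus certificate; client2.keystore holds only the certificate.

    // Server side: key managers only. Without a KeyManager the server has no key to authenticate with.
    static SSLContext serverContext(String keyStorePath, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(keyStorePath)) { ks.load(in, pw); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        SSLContext ctx = SSLContext.getInstance("TLSv1.3");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Client side: trust managers only. The client never needs the server's private key.
    static SSLContext clientContext(String trustStorePath, char[] pw) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(trustStorePath)) { ts.load(in, pw); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLSv1.3");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // One handshake step for one engine. in: bytes from the peer, out: bytes to the peer, both in write mode.
    static void step(SSLEngine e, ByteBuffer in, ByteBuffer out, ByteBuffer app) throws Exception {
        switch (e.getHandshakeStatus()) {
            case NEED_WRAP:
                e.wrap(ByteBuffer.allocate(0), out);
                break;
            case NEED_UNWRAP:
                in.flip();
                e.unwrap(in, app);  // BUFFER_UNDERFLOW here only means the peer has not written yet
                in.compact();
                break;
            case NEED_TASK:
                Runnable task;
                while ((task = e.getDelegatedTask()) != null) task.run();
                break;
            default:
                break;              // FINISHED / NOT_HANDSHAKING: nothing pending for this engine
        }
    }

    // Drive both engines in memory (no sockets) until neither is handshaking any more.
    static void handshake(SSLEngine client, SSLEngine server) throws Exception {
        int net = Math.max(client.getSession().getPacketBufferSize(), server.getSession().getPacketBufferSize());
        int app = Math.max(client.getSession().getApplicationBufferSize(), server.getSession().getApplicationBufferSize());
        ByteBuffer cToS = ByteBuffer.allocate(net), sToC = ByteBuffer.allocate(net);
        ByteBuffer cApp = ByteBuffer.allocate(app), sApp = ByteBuffer.allocate(app);
        client.beginHandshake();
        server.beginHandshake();
        for (int i = 0; i < 200; i++) {  // bounded so a stalled handshake fails instead of spinning forever
            step(client, sToC, cToS, cApp);
            step(server, cToS, sToC, sApp);
            if (client.getHandshakeStatus() == HandshakeStatus.NOT_HANDSHAKING
                    && server.getHandshakeStatus() == HandshakeStatus.NOT_HANDSHAKING) return;
        }
        throw new IllegalStateException("handshake did not complete");
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "123456".toCharArray();
        SSLEngine server = serverContext("src/test/resources/server2.keystore", pw).createSSLEngine();
        server.setUseClientMode(false);
        server.setNeedClientAuth(false);  // one-way TLS: only the server is authenticated
        SSLEngine client = clientContext("src/test/resources/client2.keystore", pw).createSSLEngine("localhost", 443);
        client.setUseClientMode(true);
        handshake(client, server);
        System.out.println("negotiated " + client.getSession().getProtocol() + " " + client.getSession().getCipherSuite());

        // One application record client -> server shows both sides derived the same session keys.
        ByteBuffer wire = ByteBuffer.allocate(client.getSession().getPacketBufferSize());
        client.wrap(ByteBuffer.wrap("hello".getBytes(StandardCharsets.UTF_8)), wire);
        wire.flip();
        ByteBuffer plain = ByteBuffer.allocate(server.getSession().getApplicationBufferSize());
        server.unwrap(wire, plain);
        plain.flip();
        System.out.println("server read: " + StandardCharsets.UTF_8.decode(plain));
    }
}
```

Compile and run it from the project root with the two keystores in place. Swapping the stores (giving the server the certificate-only file) reproduces the situation from the question: the server side has no private key to sign the handshake with, and the failure shows up on the server's first attempt to answer the ClientHello rather than later in application traffic. Keeping the handshake loop bounded matters for the same reason: an engine that is waiting for input it will never get should fail loudly, not hang a thread.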