Bug #306
TLS 1.2 Support (closed)
Status: Rejected
Priority: Normal
Assignee: -
Target version: -
Start date: 05/30/2014
Due date:
% Done: 0%
Estimated time:
Reviewer:
Build Version:
Description
We want to force the eID clients connecting to Governikus Autent to use TLS 1.2, according to TR-0316-4 section 2.1:
For conformance with this Technical Guideline, at least TLS version 1.2 [15]
must be supported. A TLS session must not exceed a lifetime of 2 days. This
also applies when session resumption is used.
It looks like the Open eCard App does not support TLS 1.2 in version 1.0.5:
2014-05-30 17:41:04,016 [Thread-4] ERROR o.o.c.module.tctoken.TCTokenGrabber:-1 - Connecting to the TCToken-URL with TLSv1.1 failed. Falling back to TLSv1.0.
2014-05-30 17:41:04,039 [Thread-4] ERROR o.o.c.b.h.h.HttpTCTokenHandler:-1 - Failed to fetch TCToken.
org.openecard.control.module.tctoken.TCTokenException: Failed to fetch TCToken.
    at org.openecard.control.module.tctoken.GenericTCTokenHandler.parseTCTokenRequestURI(Unknown Source) ~[OpeneCardApp-1.0.5.jar:na]
    at org.openecard.control.module.tctoken.GenericTCTokenHandler.parseRequestURI(Unknown Source) ~[OpeneCardApp-1.0.5.jar:na]
    at org.openecard.control.binding.http.handler.HttpTCTokenHandler.handle(Unknown Source) [OpeneCardApp-1.0.5.jar:na]
    at org.openecard.apache.http.protocol.HttpService.doService(HttpService.java:375) [OpeneCardApp-1.0.5.jar:na]
    at org.openecard.apache.http.protocol.HttpService.handleRequest(HttpService.java:290) [OpeneCardApp-1.0.5.jar:na]
    at org.openecard.control.binding.http.HTTPService$1.run(Unknown Source) [OpeneCardApp-1.0.5.jar:na]
Caused by: java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:1.7.0_60]
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339) ~[na:1.7.0_60]
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200) ~[na:1.7.0_60]
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182) ~[na:1.7.0_60]
    at java.net.Socket.connect(Socket.java:579) ~[na:1.7.0_60]
    at org.openecard.common.io.ProxySettings.getSocket(Unknown Source) ~[OpeneCardApp-1.0.5.jar:na]
    at org.openecard.control.module.tctoken.TCTokenGrabber.getStream(Unknown Source) ~[OpeneCardApp-1.0.5.jar:na]
    at org.openecard.control.module.tctoken.TCTokenGrabber.getResource(Unknown Source) ~[OpeneCardApp-1.0.5.jar:na]
    at org.openecard.control.module.tctoken.TCTokenGrabber.getResource(Unknown Source) ~[OpeneCardApp-1.0.5.jar:na]
    at org.openecard.control.module.tctoken.TCTokenFactory.generateTCToken(Unknown Source) ~[OpeneCardApp-1.0.5.jar:na]
    ... 6 common frames omitted
I tested this with our development server at: https://dev-demo.governikus-eid.de:8443/Autent-DemoApplication/
The software version installed there changes often and sometimes does not work.
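When triaging a client log like the one in this ticket, it helps to read the protocol-fallback message separately from the exception at the end of the `Caused by:` chain, because a TCP connect failure occurs before any TLS handshake takes place. The script below is an added example, not part of the ticket or of the Open eCard code base. Its sample log is constructed (abbreviated from the lines quoted above), and the mapping of exception names to layers is an assumption based on standard Java class names.

```python
import re

# Constructed sample, abbreviated from the log lines quoted in the ticket.
SAMPLE_LOG = (
    "2014-05-30 17:41:04,016 [Thread-4] ERROR o.o.c.module.tctoken.TCTokenGrabber:-1 - "
    "Connecting to the TCToken-URL with TLSv1.1 failed. Falling back to TLSv1.0.\n"
    "org.openecard.control.module.tctoken.TCTokenException: Failed to fetch TCToken.\n"
    "\tat org.openecard.control.module.tctoken.TCTokenGrabber.getStream(Unknown Source)\n"
    "Caused by: java.net.ConnectException: Connection refused\n"
    "\tat java.net.PlainSocketImpl.socketConnect(Native Method)\n"
)

FALLBACK = re.compile(r"with (TLSv\d\.\d) failed\. Falling back to (TLSv\d\.\d)")
CAUSED_BY = re.compile(r"^Caused by: ([\w.$]+)(?:: (.*))?$", re.MULTILINE)

# Assumption: standard Java exception names. These are thrown while opening
# the TCP connection, before any TLS handshake message is sent.
TRANSPORT = {
    "java.net.ConnectException",
    "java.net.NoRouteToHostException",
    "java.net.UnknownHostException",
}


def triage(log):
    """Summarise version fallbacks and the layer of the root-cause exception."""
    fallbacks = FALLBACK.findall(log)
    causes = CAUSED_BY.findall(log)
    # The last "Caused by:" entry is the innermost (root) cause.
    root, message = causes[-1] if causes else (None, None)
    if root in TRANSPORT:
        layer = "transport"   # server unreachable; no TLS version was negotiated
    elif root and root.startswith("javax.net.ssl."):
        layer = "tls"         # handshake or record-layer failure reported by JSSE
    else:
        layer = "unknown"
    versions = {v for pair in fallbacks for v in pair}
    return {
        "fallbacks": fallbacks,
        # String comparison is sufficient for the single-digit TLSv1.x names.
        "below_tls12": any(v < "TLSv1.2" for v in versions),
        "root_cause": root,
        "message": message or None,
        "layer": layer,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```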