Bug #362: prodpaos.governikus-eid.de does not work with TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - Common eID - Open eCard Development Center

Actions

Copy link

Bug #362

open

prodpaos.governikus-eid.de does not work with TLS_RSA_PSK_WITH_AES_256_CBC_SHA384

Added by Tobias Wich about 10 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

eID-Server

Start date:

11/13/2014

Due date:

% Done:

Estimated time:

Reviewer:

Description

A PAOS channel can not be established successfully with the server https://prodpaos.governikus-eid.de:443 in case the cipher suite TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 is used. The connection attempt fails with Decryption failed (21) after the first encrypted handshake message is sent to the server.
Tests with the same server revealed, that the following cipher suites work just fine:

TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
TLS_RSA_PSK_WITH_AES_256_CBC_SHA

This problem does not exist with the testserver at https://test.governikus-eid.de/Autent-DemoApplication/. There, the problematic cipher suite is used without any problems.

A build of the Open eCard App using this cipher suite can be found at https://files.ecsec.de/public.php?service=files&t=9d87270f5c9d953568db0640c7b844cb

Files

governikus_sha384.pcap (5.49 KB) governikus_sha384.pcap

Tobias Wich, 11/13/2014 02:16 PM

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Common eID

Watchers (1)

Bug #362

prodpaos.governikus-eid.de does not work with TLS_RSA_PSK_WITH_AES_256_CBC_SHA384