Bug #362

prodpaos.governikus-eid.de does not work with TLS_RSA_PSK_WITH_AES_256_CBC_SHA384

Added by Tobias Wich almost 6 years ago.

Status: New
Priority: Normal
Assignee: -
Category: eID-Server
Start date: 11/13/2014
Due date:
% Done: 0%
Estimated time:
Reviewer:

Description

A PAOS channel cannot be established successfully with the server https://prodpaos.governikus-eid.de:443 in case the cipher suite TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 is used. The connection attempt fails with Decryption failed (21) after the first encrypted handshake message is sent to the server.
Tests with the same server revealed that the following cipher suites work just fine:
  • TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
  • TLS_RSA_PSK_WITH_AES_256_CBC_SHA

This problem does not exist with the test server at https://test.governikus-eid.de/Autent-DemoApplication/. There, the problematic cipher suite is used without any problems.

A build of the Open eCard App using this cipher suite can be found at https://files.ecsec.de/public.php?service=files&t=9d87270f5c9d953568db0640c7b844cb


Files

governikus_sha384.pcap (5.49 KB) Tobias Wich, 11/13/2014 02:16 PM
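To triage a failure like the one reported above, the two facts to pull from the server-to-client side of a capture are the suite chosen in ServerHello and the alert that ends the handshake. The sketch below is an added example, not part of the original report or of the Open eCard code; it runs on constructed bytes rather than the attached capture, and it assumes the TCP stream is already reassembled and that no handshake message is split across records.

```python
import struct

# IANA code points for the three suites named in the report.
SUITES = {
    0x0095: "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
    0x00B6: "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
    0x00B7: "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
}
ALERTS = {20: "bad_record_mac", 21: "decryption_failed",
          40: "handshake_failure", 51: "decrypt_error"}
LEVELS = {1: "warning", 2: "fatal"}
FATAL_21 = b"\x15\x03\x03\x00\x02\x02\x15"   # constructed alert record: fatal, 21

def server_hello_suite(body):
    """ServerHello body: version(2) random(32) sid_len(1) sid suite(2) ..."""
    if len(body) < 35 or len(body) < 37 + body[34]:
        raise ValueError("truncated ServerHello")
    return struct.unpack_from(">H", body, 35 + body[34])[0]

def triage(stream):
    """Walk server-to-client TLS records; report chosen suite and first alert."""
    result, pos, encrypted = {"suite": None, "alert": None}, 0, False
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from(">BHH", stream, pos)
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record")
        pos += 5 + length
        if ctype == 20:                      # ChangeCipherSpec: the rest is ciphertext
            encrypted = True
        elif encrypted:
            continue                         # opaque without the session keys
        elif ctype == 22:                    # plaintext handshake message(s)
            hp = 0
            while hp + 4 <= len(payload):
                hlen = int.from_bytes(payload[hp + 1:hp + 4], "big")
                if payload[hp] == 2:         # ServerHello
                    code = server_hello_suite(payload[hp + 4:hp + 4 + hlen])
                    result["suite"] = SUITES.get(code, f"0x{code:04X}")
                hp += 4 + hlen
        elif ctype == 21 and length == 2 and result["alert"] is None:
            level, desc = payload
            result["alert"] = (LEVELS.get(level, level), ALERTS.get(desc, desc))
    return result

# Constructed sample (not taken from governikus_sha384.pcap): all-zero random.
def sample(code, alert=b""):
    hello = b"\x02\x00\x00\x26\x03\x03" + bytes(32) + b"\x00" + code.to_bytes(2, "big") + b"\x00"
    return b"\x16\x03\x03\x00\x2a" + hello + alert
```

Calling `triage(sample(0x00B7, FATAL_21))` reproduces the reported combination: the SHA384 suite selected, followed by a fatal alert with description 21.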
