Giters

dogtagpki / jss

Network Security Services for Java is a Java interface to NSS

Home Page:https://dogtagpki.github.io/jss

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

JSSEngine.queryEnabledCipherSuites() generates unknown cipher warnings

edewata opened this issue · comments

commented

The JSSEngine.queryEnabledCipherSuites() generates the following warnings:

2021-07-02T18:29:32.7931657Z + pki -n caadmin ca-user-cert-add caagent --serial 0x7
2021-07-02T18:29:34.6674821Z WARNING: Unable to get the value of cipher: SSL2_RC4_128_WITH_MD5 (65281): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6678907Z WARNING: Unable to get the value of cipher: SSL2_RC4_128_EXPORT40_WITH_MD5 (65282): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6687405Z WARNING: Unable to get the value of cipher: SSL2_RC2_128_CBC_WITH_MD5 (65283): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6694609Z WARNING: Unable to get the value of cipher: SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 (65284): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6701624Z WARNING: Unable to get the value of cipher: SSL2_IDEA_128_CBC_WITH_MD5 (65285): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6710035Z WARNING: Unable to get the value of cipher: SSL2_DES_64_CBC_WITH_MD5 (65286): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6716870Z WARNING: Unable to get the value of cipher: SSL2_DES_192_EDE3_CBC_WITH_MD5 (65287): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6723499Z WARNING: Unable to get the value of cipher: TLS_NULL_WITH_NULL_NULL (0): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6730275Z WARNING: Unable to get the value of cipher: SSL3_RSA_EXPORT_WITH_RC4_40_MD5 (3): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6736875Z WARNING: Unable to get the value of cipher: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (3): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6745150Z WARNING: Unable to get the value of cipher: SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (6): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6752513Z WARNING: Unable to get the value of cipher: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (6): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6759308Z WARNING: Unable to get the value of cipher: SSL3_RSA_WITH_IDEA_CBC_SHA (7): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6766817Z WARNING: Unable to get the value of cipher: TLS_RSA_WITH_IDEA_CBC_SHA (7): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6773988Z WARNING: Unable to get the value of cipher: SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA (8): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6781056Z WARNING: Unable to get the value of cipher: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (8): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6787840Z WARNING: Unable to get the value of cipher: SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA (11): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6795465Z WARNING: Unable to get the value of cipher: TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA (11): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6802294Z WARNING: Unable to get the value of cipher: SSL3_DH_DSS_WITH_DES_CBC_SHA (12): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6810407Z WARNING: Unable to get the value of cipher: TLS_DH_DSS_WITH_DES_CBC_SHA (12): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6817064Z WARNING: Unable to get the value of cipher: SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA (13): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6824719Z WARNING: Unable to get the value of cipher: TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA (13): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6832337Z WARNING: Unable to get the value of cipher: SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA (14): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6839772Z WARNING: Unable to get the value of cipher: TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA (14): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6848141Z WARNING: Unable to get the value of cipher: SSL3_DH_RSA_WITH_DES_CBC_SHA (15): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6854770Z WARNING: Unable to get the value of cipher: TLS_DH_RSA_WITH_DES_CBC_SHA (15): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6861679Z WARNING: Unable to get the value of cipher: SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA (16): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6869281Z WARNING: Unable to get the value of cipher: TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA (16): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6875728Z WARNING: Unable to get the value of cipher: SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (17): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6884505Z WARNING: Unable to get the value of cipher: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (17): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6892948Z WARNING: Unable to get the value of cipher: SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (20): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6898141Z WARNING: Unable to get the value of cipher: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (20): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6906050Z WARNING: Unable to get the value of cipher: SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5 (23): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6907460Z WARNING: Unable to get the value of cipher: TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 (23): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6908913Z WARNING: Unable to get the value of cipher: SSL3_DH_ANON_WITH_RC4_128_MD5 (24): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6914677Z WARNING: Unable to get the value of cipher: TLS_DH_anon_WITH_RC4_128_MD5 (24): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6915963Z WARNING: Unable to get the value of cipher: SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA (25): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6917533Z WARNING: Unable to get the value of cipher: TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA (25): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6922800Z WARNING: Unable to get the value of cipher: SSL3_DH_ANON_WITH_DES_CBC_SHA (26): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6923985Z WARNING: Unable to get the value of cipher: TLS_DH_anon_WITH_DES_CBC_SHA (26): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6935102Z WARNING: Unable to get the value of cipher: SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA (27): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6936624Z WARNING: Unable to get the value of cipher: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (27): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6941055Z WARNING: Unable to get the value of cipher: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (65279): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6951404Z WARNING: Unable to get the value of cipher: SSL_RSA_FIPS_WITH_DES_CBC_SHA (65278): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6962297Z WARNING: Unable to get the value of cipher: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (98): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.6965790Z WARNING: Unable to get the value of cipher: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (100): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7009150Z WARNING: Unable to get the value of cipher: TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA (99): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7010452Z WARNING: Unable to get the value of cipher: TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA (101): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7011973Z WARNING: Unable to get the value of cipher: TLS_DH_DSS_WITH_AES_128_CBC_SHA (48): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7013186Z WARNING: Unable to get the value of cipher: TLS_DH_RSA_WITH_AES_128_CBC_SHA (49): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7014497Z WARNING: Unable to get the value of cipher: TLS_DH_ANON_WITH_AES_128_CBC_SHA (52): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7015668Z WARNING: Unable to get the value of cipher: TLS_DH_anon_WITH_AES_128_CBC_SHA (52): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7016850Z WARNING: Unable to get the value of cipher: TLS_DH_DSS_WITH_AES_256_CBC_SHA (54): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7028033Z WARNING: Unable to get the value of cipher: TLS_DH_RSA_WITH_AES_256_CBC_SHA (55): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7032149Z WARNING: Unable to get the value of cipher: TLS_DH_ANON_WITH_AES_256_CBC_SHA (58): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7035542Z WARNING: Unable to get the value of cipher: TLS_DH_anon_WITH_AES_256_CBC_SHA (58): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7041164Z WARNING: Unable to get the value of cipher: TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA (66): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7045447Z WARNING: Unable to get the value of cipher: TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA (67): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7082204Z WARNING: Unable to get the value of cipher: TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA (70): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7090221Z WARNING: Unable to get the value of cipher: TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA (70): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7095147Z WARNING: Unable to get the value of cipher: TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA (133): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7101988Z WARNING: Unable to get the value of cipher: TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA (134): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7104117Z WARNING: Unable to get the value of cipher: TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA (137): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7111440Z WARNING: Unable to get the value of cipher: TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA (137): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7120109Z WARNING: Unable to get the value of cipher: TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 (170): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7126509Z WARNING: Unable to get the value of cipher: TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 (171): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7129847Z WARNING: Unable to get the value of cipher: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (255): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7133547Z WARNING: Unable to get the value of cipher: TLS_FALLBACK_SCSV (22016): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7141059Z WARNING: Unable to get the value of cipher: TLS_ECDH_anon_WITH_NULL_SHA (49173): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7154819Z WARNING: Unable to get the value of cipher: TLS_ECDH_anon_WITH_RC4_128_SHA (49174): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7156204Z WARNING: Unable to get the value of cipher: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (49175): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7157433Z WARNING: Unable to get the value of cipher: TLS_ECDH_anon_WITH_AES_128_CBC_SHA (49176): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7159312Z WARNING: Unable to get the value of cipher: TLS_ECDH_anon_WITH_AES_256_CBC_SHA (49177): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7163766Z WARNING: Unable to get the value of cipher: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (49197): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7165348Z WARNING: Unable to get the value of cipher: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (49201): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7166618Z WARNING: Unable to get the value of cipher: TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 (52396): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7168036Z WARNING: Unable to get the value of cipher: TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 (52397): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7181804Z WARNING: Unable to get the value of cipher: TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 (53249): Unknown cipher suite to get or getting its value failed
2021-07-02T18:29:34.7183147Z WARNING: Unable to get the value of cipher: TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 (53250): Unknown cipher suite to get or getting its value failed

It seems to be related to pki ca-user-cert-add caagent command. Other pki commands did not generate these warnings.

Relevant code:

@cipherboy wrote:

You might need to update NSS versions. I think they completely removed some cipher suites we still have constant values for, which isn't surprising given the list of these.
They're all cipher suites you wouldn't let anyone use.
Or rather, they're obscure ones only present in sslproto.h and not actually used.
PSK isn't really in favor with Firefox/NSS.