
Added comment on how to make sure only the named elliptic curve "secp256r1" is allowed for ECDH(E).

Marc Mültin, 5 years ago
parent
commit
7fb507a075

+ 9 - 0
RISE-V2G-EVCC/src/main/java/com/v2gclarity/risev2g/evcc/transportLayer/TLSClient.java

@@ -105,6 +105,15 @@ public class TLSClient extends StatefulTransportLayerClient {
 			 * the standard. An implementer may decide to choose only one of them:
 			 * - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
 			 * - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+			 * 
+			 * In ISO 15118-2, only the named elliptic curve "secp256r1" is allowed for ECDH(E). The jdk.tls.namedGroups property 
+			 * contains a comma-separated list within quotation marks of enabled named groups in preference order. The list of default 
+			 * named groups varies depending on what JDK release you are using. Set it on your Java command-line as follows:
+			 * 
+			 * $ java -Djdk.tls.namedGroups="secp256r1"
+			 * 
+			 * As it turns out, "secp256r1" is already the default first entry for Java 8 (and higher versions), but you should deactivate 
+			 * the other elliptic curves by reducing the list to this one entry only.
 			 */
 			String[] enabledCipherSuites = {
 					"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 

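Review bot: The secp256r1 restriction exists only in the comment above enabledCipherSuites in TLSClient.java. Nothing in this hunk enforces it, so an EVCC started without the flag still runs with whatever named groups the JDK enables by default. Consider setting the property in code before the TLS classes are first used, for example System.setProperty("jdk.tls.namedGroups", "secp256r1") at startup, or checking at startup that it is set and logging a warning when it is not. The sample command `$ java -Djdk.tls.namedGroups="secp256r1"` also stops before the jar or main class, so it cannot be copied as written. Finally, the claim about "Java 8 (and higher versions)" sits uneasily with the previous sentence, which says the default list varies by JDK release. Scoping it to the releases actually checked would avoid the contradiction.
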
+ 9 - 0
RISE-V2G-SECC/src/main/java/com/v2gclarity/risev2g/secc/transportLayer/TLSServer.java

@@ -76,6 +76,15 @@ public final class TLSServer extends StatefulTransportLayerServer {
 			 * the standard. An implementer may decide to choose only one of them:
 			 * - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
 			 * - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+			 * 
+			 * In ISO 15118-2, only the named elliptic curve "secp256r1" is allowed for ECDH(E). The jdk.tls.namedGroups property 
+			 * contains a comma-separated list within quotation marks of enabled named groups in preference order. The list of default 
+			 * named groups varies depending on what JDK release you are using. Set it on your Java command-line as follows:
+			 * 
+			 * $ java -Djdk.tls.namedGroups="secp256r1"
+			 * 
+			 * As it turns out, "secp256r1" is already the default first entry for Java 8 (and higher versions), but you should deactivate 
+			 * the other elliptic curves by reducing the list to this one entry.
 			 */
 			String[] enabledCipherSuites = {
 					"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",