Not support ECDSA cipher suite for aws-sdk-ios #905

Open
Cyan-pactera opened this issue Apr 23, 2018 · 4 comments
Labels
feature-request Request a new feature follow up Requires follow up from maintainers iot Issues related to the IoT SDK

Comments

@Cyan-pactera

In principle, the ECDSA cipher suite is supported in AWS IoT:
Elliptic Curve Cryptography and Forward Secrecy Support in AWS IoT
Security and Identity for AWS IoT

TLS Cipher Suite Support

AWS IoT supports the following cipher suites:

ECDHE-ECDSA-AES128-GCM-SHA256 (recommended)
ECDHE-RSA-AES128-GCM-SHA256 (recommended)
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
AES128-GCM-SHA256
AES128-SHA256
AES128-SHA
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA

But in aws-sdk-ios, all certificates are saved as RSA type. It only supports RSA.

```objc
[keyPairAttr setObject:(id)kSecAttrKeyTypeRSA forKey:(id)kSecAttrKeyType];
```

This operation executes in "AWSIoTKeychain.m".

When importing a p12 that contains an ECDSA key with the importIdentityFromPKCS12Data:passPhrase:certificateId: method, it returns YES, but validity verification always fails when we try to connect to the server. By the way, verification is a private method.
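
The mismatch reported in the post above (an import that returns YES for a key the RSA-only keychain code cannot use) can be caught before import by asking the private key inside the PKCS#12 which signature algorithm it supports. This is an added example, not code from the issue or from aws-sdk-ios; the `P12KeyKind` enum and `P12PrivateKeyKind` function are hypothetical names, and it assumes ARC and iOS 10 or later.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical result type for this example.
typedef NS_ENUM(NSInteger, P12KeyKind) {
    P12KeyKindUnknown = 0,   // import failed or key type not recognised
    P12KeyKindRSA,
    P12KeyKindEC
};

// Hypothetical pre-flight check: classify the private key of the first
// identity in a PKCS#12 blob, using only Security.framework calls.
static P12KeyKind P12PrivateKeyKind(NSData *p12Data, NSString *passPhrase) {
    if (p12Data.length == 0) {
        return P12KeyKindUnknown;
    }
    NSDictionary *options =
        @{ (__bridge id)kSecImportExportPassphrase : (passPhrase ?: @"") };
    CFArrayRef items = NULL;
    OSStatus status = SecPKCS12Import((__bridge CFDataRef)p12Data,
                                      (__bridge CFDictionaryRef)options,
                                      &items);
    if (status != errSecSuccess || items == NULL || CFArrayGetCount(items) == 0) {
        if (items) CFRelease(items);
        return P12KeyKindUnknown;   // wrong passphrase, malformed file, or empty
    }

    NSDictionary *first = (__bridge NSDictionary *)CFArrayGetValueAtIndex(items, 0);
    SecIdentityRef identity =
        (__bridge SecIdentityRef)first[(__bridge id)kSecImportItemIdentity];

    P12KeyKind kind = P12KeyKindUnknown;
    SecKeyRef key = NULL;
    if (identity && SecIdentityCopyPrivateKey(identity, &key) == errSecSuccess && key) {
        // Ask the key what it can do instead of trusting a stored attribute.
        if (SecKeyIsAlgorithmSupported(key, kSecKeyOperationTypeSign,
                kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256)) {
            kind = P12KeyKindRSA;
        } else if (SecKeyIsAlgorithmSupported(key, kSecKeyOperationTypeSign,
                kSecKeyAlgorithmECDSASignatureMessageX962SHA256)) {
            kind = P12KeyKindEC;
        }
        CFRelease(key);
    }
    CFRelease(items);
    return kind;
}
```

Calling this before `importIdentityFromPKCS12Data:passPhrase:certificateId:` and refusing anything other than `P12KeyKindRSA` turns the connect-time failure into an explicit error at provisioning time.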

@lexmakali
Contributor

Thank you @Cyan-pactera for reporting to us. Sorry for the inconvenience caused. As you pointed out, the SDK only supports RSA for key exchange though the IoT service supports ECDSA. We will take it as a feature request to support the different cipher suites that AWS IoT supports in the TLS connection.

@lexmakali lexmakali added iot Issues related to the IoT SDK feature-request Request a new feature investigating This issue is being investigated labels Apr 26, 2018
@scb01 scb01 self-assigned this May 12, 2018
@Manasi-Bhandare-Bose

Any timeline on this?

@scb01 scb01 removed the investigating This issue is being investigated label Nov 9, 2018
@scb01
Contributor

scb01 commented Nov 9, 2018

@Manasi-Bhandare-Bose

I don't have a specific timeline that I can share at this point. This is in our backlog and waiting for prioritization. I will post back on this thread or through a general forum announcement when I have an update.

@alperenguclu

@cbommas @kvasukib
Is there any update about this issue?

@atierian atierian added the follow up Requires follow up from maintainers label Sep 23, 2022
6 participants