DH ServerKeyExchange does not comply to algorithm constraints

Securing applications
1 
keycloak_1   | 10:45:22,285 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-3) Failed to make identity provider oauth callback: javax.net.ssl.SSLHandshakeException: DH ServerKeyExchange does not comply to algorithm constraints

I’m trying to setup an openid IDp for Microsoft Azure. The other party has setup the Azure end using the export I gave them. They in return sent me a URL to import the details from - this failed to work, so I have manually entered the endpoint details.

This seemed to have got me at least connecting to the Azure portal to logon. But upon successful logon the user gets a vague message

Unexpected error when authenticating with identity provider.

In the Keycloak events there’s even less detail:

identity_provider_login_error

In the Docker logs I get more detail and can now see the issue is with the above error regarding DH key exchange.

A more complete log of the error attached in paste bin: https://pastebin.com/zuUwkwJi

Can anyone help with this? I’m guess I need some Java security tweak to match the Azure end, but not really sure where to go.

2

After setting up a trial with Azure I setup both SAML and OIDC IDp’s using keycloak without issue.

However, the one customer continues to have this DH algorithm issue. I suspect it’s related to their Azure instance, but for the life of me can’t find anything in the Azure trial that suggest I could even change it.

I seem to recall that MS freezes Azure versions for Gov’t agencies and I wonder if their instance is using an older version of Azure.

3

That Azure instance is probably old = it supports old (vulnerable) TLS ciphers, so Keycloak is not able to create secure TLS connection.

Tweak (allow insecure shorter DH keys) in java.security config:

cat /etc/java/java-11-openjdk/java-11-openjdk-*/conf/security/java.security 
...

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL

Keycloak Docker image is picky about TLS security from 7.0.1+, when base image was changed.

4

Thanks for the response, at least you seem to confirm my suspicion about the version of Azure.

I did tweak java.security by removing the DH Keysize < 1024 but I still didn’t get it to connect.

jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
  DSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL

So I tried decreasing the size too, still to no avail.

5

How? Correct questions give you correct answer - otherwise it is a question for oracle. You didn’t provide “Minimal working example”, so how someone can replicate your problem?

6

I modified my docker-compose.yml and used a copy of the internal java.security that I modified and mounted into the container:

keycloak:
	image: ${KEYCLOAK_IMAGE:-quay.io/keycloak/keycloak}:${KEYCLOAK_IMAGE_VERSION:-11.0.2}
	environment:
	  KEYCLOAK_USER: ${KEYCLOAK_USER:-admin}
	  KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD?REQUIRED}
	  KEYCLOAK_LOGLEVEL: ${KEYCLOAK_LOGLEVEL:-INFO}
	  DB_ADDR: db
	  DB_VENDOR: postgres
	  DB_DATABASE: ${KEYCLOAK_DATABASE?REQUIRED}
	  DB_USER: ${KEYCLOAK_POSTGRES_USER?REQUIRED}
	  DB_PASSWORD: ${KEYCLOAK_POSTGRES_PASSWORD?REQUIRED}
	  PROXY_ADDRESS_FORWARDING: ${PROXY_ADDRESS_FORWARDING:-true}
	  JAVA_OPTS_APPEND: ${JAVA_OPTS_APPEND}
	  ROOT_LOGLEVEL: ${ROOT_LOGLEVEL:-INFO}
	  KEYCLOAK_LOGLEVEL: ${KEYCLOAK_LOGLEVEL:-INFO}
	volumes:
	  - "${PWD}/opusvl:/opt/jboss/keycloak/themes/opusvl:rw"
	  - "${PWD}/java.security:/etc/java/java-11-openjdk/java-11-openjdk-11.0.7.10-1.el8_1.x86_64/conf/security/java.security"
	  - "${PWD}/standalone.sh:/opt/jboss/keycloak/bin/standalone.sh"
	ports:
	  - "${PORTBASE?REQUIRED}80:8080"
	  - "${PORTBASE?REQUIRED}43:8443"

I even went as far as removing the entire ‘jdk.tls.disabledAlgorithms’ at one point.

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 512, \
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
7

1.)
/etc/java/java-11-openjdk/java-11-openjdk-11.0.7.10-1.el8_1.x86_64/conf/security/java.security
is not valid path for keycloak:11.0.2 - there is
/etc/java/java-11-openjdk/java-11-openjdk-11.0.8.10-0.el8_2.x86_64/conf/security/java.security

2.) java.security has multiple configs - it can be another config, not jdk.tls.disabledAlgorithms

8

The path may have been a legacy from 10.0.2, but I have corrected that thank you.

I’m not sure what you mean by 2) java.security has multiple configs - it can be another config, not jdk.tls.disabledAlgorithms

I don’t understand enough about java to find it other than in the disabledAglorithms.

When the back channel connects I see this i nthe debug logs:

13:24:56,885 DEBUG [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] (default task-2) Connecting to REDACTED/REDACTED:443
13:24:56,885 DEBUG [org.apache.http.conn.ssl.SSLConnectionSocketFactory] (default task-2) Connecting socket to REDACTED/REDACTED:443 with timeout 0
13:24:56,928 DEBUG [org.apache.http.conn.ssl.SSLConnectionSocketFactory] (default task-2) Enabled protocols: [TLSv1.3, TLSv1.2]
13:24:56,928 DEBUG [org.apache.http.conn.ssl.SSLConnectionSocketFactory] (default task-2) Enabled cipher suites:[TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
13:24:56,928 DEBUG [org.apache.http.conn.ssl.SSLConnectionSocketFactory] (default task-2) Starting handshake
13:24:57,046 DEBUG [org.apache.http.impl.conn.DefaultManagedHttpClientConnection] (default task-2) http-outgoing-0: Shutdown connection
13:24:57,046 DEBUG [org.apache.http.impl.execchain.MainClientExec] (default task-2) Connection discarded
13:24:57,046 DEBUG [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] (default task-2) Connection released: [id: 0][route: {s}->https://REDACTED:443][total available: 0; route allocated: 0 of 64; total allocated: 0 of 128]
13:24:57,046 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-2) Failed to make identity provider oauth callback: javax.net.ssl.SSLHandshakeException: DH ServerKeyExchange does not comply to algorithm constraints