Unable to use BouncyCastleJSSE for TLS using certificate having ML-DSA key

[pruthig]

Hello Team,

I am trying to use BouncyCastleJSSE provider for TLS communication using a certificate that has ML-DSA key. I am explicitly setting TLS version to 1.3, but getting following error:

org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40); [server #1 @335302fd] found no selectable cipher suite among the 4 offered: [{0x13,0x02}(TLS_AES_256_GCM_SHA384), {0x13,0x03}(TLS_CHACHA20_POLY1305_SHA256), {0x13,0x01}(TLS_AES_128_GCM_SHA256), {0x00,0xff}(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)]

Can anybody please assist here?

[roy-basmacier]

Hello @pruthig,

Looks like there isn't a common supported cipher suite. Try adding to the supported cipher suites. If you're using an SSL socket, add the cipher suites using setEnabledCipherSuites() and the TLSv1.3 protocol with setEnabledProtocols()

~ Roy

[peterdettman]

In this case the emphasis is probably on selectable cipher suite, the most common reason for which (apart from there being no cipher suites in common) is the absence of suitable credentials.

ML-DSA signature schemes for TLS aren't supported yet; it is a work-in-progress following draft-ietf-tls-mldsa.

[peterdettman]

Closing as not a bug; current status is that draft-ietf-tls-mldsa-00 is implemented, although the ML-DSA signature schemes are not enabled by default.