We've run into a problem with a native x86/Linux app of ours - linked statically with vanilla openssl-fips-2.0.2 and openssl-1.0.1e we've built - trying to connect to our Java app when it is running under the latest OpenJDK 1.7.0_45 on RedHat 6.5 or OpenSUSE v13.1: the native app logs

    SSL_connect: tlsv1 alert internal error

and the Java app throws the exception:

    PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID

A little searching turned up a very close match to our scenario in this RedHat bug report:

https://bugzilla.redhat.com/show_bug.cgi?id=1022017

The conclusion (scroll down to comments 37/38) is that this is a bug with openssl claiming to support an algorithm it doesn't, and the RedHat version of the openssl 1.0.1e source has been patched to fix this.

Question: are they correct that this is an openssl bug? If so, will this be fixed in a 1.0.1f or 1.02 release?

I can work around the problem by modifying OpenJDK's java.security file and disabling the NSS provider, but would prefer not to do this since a customer would have to do that every time OpenJDK was updated.

-Andrew