Re: issues with NSS 3.12.4

2014-09-25 Thread Sunil Raj 
Hi, Even I am facing the same issue. Were u able to find the problem?



--
View this message in context: 
http://mozilla.6506.n7.nabble.com/issues-with-NSS-3-12-4-tp308894p323597.html
Sent from the Mozilla - Cryptography mailing list archive at Nabble.com.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: issues with NSS 3.12.4

2014-09-25 Thread sunilrajxyz 
Hi,
Have you found the solution for this? Kindly guide.

Thanks
Sunil
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: issues with NSS 3.12.4

2014-09-25 Thread Robert Relyea 

On 09/25/2014 04:22 AM, Sunil Raj wrote:

Hi, Even I am facing the same issue. Were u able to find the problem?


Java is trying to do something that isn't allowed in FIPS mode. It's 
trying to import a key in the clear. It should instead generate the key 
inside the token rather than import it.


bob




--
View this message in context: 
http://mozilla.6506.n7.nabble.com/issues-with-NSS-3-12-4-tp308894p323597.html
Sent from the Mozilla - Cryptography mailing list archive at Nabble.com.





smime.p7s
Description: S/MIME Cryptographic Signature
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

issues with NSS 3.12.4

2014-02-22 Thread Ligade, Shailesh [USA] 
Hello,

I am seeing this issue when I moved to java 1.6.0_71 (65) with FIPS enabled.

Appreciate any suggestions.

Thanks
S

*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
SESSION KEYGEN:
PreMaster Secret:
: 03 01 81 BE C3 B2 2B FF   1A 41 9C 10 0B 9D 72 72  ..+..Arr
0010: 69 CC 3F EE 87 2E 76 78   A6 D4 CB B7 FA 43 C6 B9  i.?...vx.C..
0020: 8E 1F B6 27 41 5D DA F8   75 B5 E7 2F F7 AE 33 48  ...'A]..u../..3H
RSA master secret generation error:
java.security.InvalidAlgorithmParameterException: init() failed
at 
sun.security.pkcs11.P11TlsMasterSecretGenerator.engineInit(P11TlsMasterSecretGenerator.java:72)
at javax.crypto.KeyGenerator.init(DashoA13*..)
at javax.crypto.KeyGenerator.init(DashoA13*..)
at 
com.sun.net.ssl.internal.ssl.Handshaker.calculateMasterSecret(Handshaker.java:751)
at 
com.sun.net.ssl.internal.ssl.Handshaker.calculateKeys(Handshaker.java:716)
at 
com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:218)
at 
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at 
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
at 
org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:187)
at 
org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:686)
at 
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:680)
Caused by: java.security.InvalidKeyException: Could not create key
at 
sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:224)
at 
sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:129)
at 
sun.security.pkcs11.P11TlsMasterSecretGenerator.engineInit(P11TlsMasterSecretGenerator.java:70)
... 15 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: 
CKR_ATTRIBUTE_VALUE_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
at 
sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:219)
... 17 more
http-8443-1, handling exception: java.security.ProviderException: 
java.security.InvalidAlgorithmParameterException: init() failed
http-8443-1, SEND TLSv1 ALERT:  fatal, description = internal_error
http-8443-1, WRITE: TLSv1 Alert, length = 2

The provider cfg looks like

name = FIPSProvider
nssLibraryDirectory = /usr/lib
nssSecmodDirectory = /opt/nss/db
nssModule = fips

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto