Hello,
I am seeing this issue when I moved to java 1.6.0_71 (65) with FIPS enabled.
Appreciate any suggestions.
Thanks
S
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
SESSION KEYGEN:
PreMaster Secret:
: 03 01 81 BE C3 B2 2B FF 1A 41 9C 10 0B 9D 72 72 ..+..Arr
0010: 69 CC 3F EE 87 2E 76 78 A6 D4 CB B7 FA 43 C6 B9 i.?...vx.C..
0020: 8E 1F B6 27 41 5D DA F8 75 B5 E7 2F F7 AE 33 48 ...'A]..u../..3H
RSA master secret generation error:
java.security.InvalidAlgorithmParameterException: init() failed
at
sun.security.pkcs11.P11TlsMasterSecretGenerator.engineInit(P11TlsMasterSecretGenerator.java:72)
at javax.crypto.KeyGenerator.init(DashoA13*..)
at javax.crypto.KeyGenerator.init(DashoA13*..)
at
com.sun.net.ssl.internal.ssl.Handshaker.calculateMasterSecret(Handshaker.java:751)
at
com.sun.net.ssl.internal.ssl.Handshaker.calculateKeys(Handshaker.java:716)
at
com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:218)
at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:187)
at
org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:686)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:680)
Caused by: java.security.InvalidKeyException: Could not create key
at
sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:224)
at
sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:129)
at
sun.security.pkcs11.P11TlsMasterSecretGenerator.engineInit(P11TlsMasterSecretGenerator.java:70)
... 15 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception:
CKR_ATTRIBUTE_VALUE_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
at
sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:219)
... 17 more
http-8443-1, handling exception: java.security.ProviderException:
java.security.InvalidAlgorithmParameterException: init() failed
http-8443-1, SEND TLSv1 ALERT: fatal, description = internal_error
http-8443-1, WRITE: TLSv1 Alert, length = 2
The provider cfg looks like
name = FIPSProvider
nssLibraryDirectory = /usr/lib
nssSecmodDirectory = /opt/nss/db
nssModule = fips
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto