Hashing algorithms on SCA6000 card

2009-09-02 Thread Sandeep Cavale
Hi, I have raised a bug with Sun support... In the meanwhile, I hope even the NSS bug is resolved.. I can probably use Tomcat as the web server instead of Apache (because JSSE works just fine) Thanks for all the support guys :) I'll update this thread as soon as I hear of anything... On Tue, Aug

Hashing algorithms on SCA6000 card

2009-08-25 Thread Sandeep Cavale
The same problem still exists with mod_nss though :( Seems to be very much the same bug as: https://bugzilla.mozilla.org/show_bug.cgi?id=434043 The nss logs say that it can find the certificate first time, but subsequently they fail to find it..

Hashing algorithms on SCA6000 card

2009-08-25 Thread Vladimir Kotal
Sandeep Cavale wrote:
> to recompile nss again (mod_nss is derived from mod_ssl and hence I
> think it probably makes use of Openssl as well, right?). I shall try
> this and see if it works..

mod_nss page says: 'It is a conversion from using OpenSSL calls to using NSS calls instead.' so the

Hashing algorithms on SCA6000 card

2009-08-25 Thread Sandeep Cavale
Oh blimey!! Thanks Gary :) Now the card displays firmware version as 1.1.2... And one more thing.. I went back and tried configuring from scratch, and I found that the issue is with openssl (6731839 & 6725903 and a few others) So I added the Solaris patches with corrections for those bugs and

Hashing algorithms on SCA6000 card

2009-08-25 Thread gary.mor...@sun.com
Yes that looks like a firmware bug - the firmware is crashing on the request. File a bug and please add as much detail as possible as far as how to create the problem.
-gary

On 08/25/09 06:50, Sandeep Cavale wrote:
> The same problem still exists with mod_nss though :(
>
> Seems to be very mu

Hashing algorithms on SCA6000 card

2009-08-24 Thread Sandeep Cavale
Yes.. I did upgrade to firmware 1.1 update 2... And I also installed all the patches that came with that update.
This is what I get with "scadiag"
# scadiag -V mca0
scadiag (Sun Crypto Accelerator 6000) 1.1
Copyright 2006 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms

Hashing algorithms on SCA6000 card

2009-08-24 Thread gary.mor...@sun.com
On 08/23/09 22:31, Sandeep Cavale wrote:
>
> Yes.. I did upgrade to firmware 1.1 update 2... And I also installed all
> the patches that came with that update.
>
> This is what I get with "scadiag"
>
> # scadiag -V mca0
> scadiag (Sun Crypto Accelerator 6000) 1.1
> Copyright 2006 Sun Microsyste

Hashing algorithms on SCA6000 card

2009-08-21 Thread Sandeep Cavale
Hi, I upgraded the firmware to 1.1.. The cryptoadm lists the HMAC algs:
mca/0: CKM_SHA_1,CKM_SHA512,CKM_DES_CBC,CKM_DES3_CBC,CKM_AES_CBC,CKM_AES_CTR,CKM_DES_CBC_PAD,CKM_DES3_CBC_PAD,CKM_AES_CBC_PAD,CKM_SHA_1_HMAC,CKM_SHA512_HMAC,CKM_SHA_1_HMAC_GENERAL,CKM_SHA512_HMAC_GENERAL,CKM_RSA_X_509,CKM_RSA_

Hashing algorithms on SCA6000 card

2009-08-21 Thread gary.mor...@sun.com
On 08/21/09 07:15, Sandeep Cavale wrote:
> Hi,
>
> I upgraded the firmware to 1.1..

You pulled down 1.1 update 2, correct? Did you install all of the patches included in that download as well? Can you send me the output from scadiag -v mca0

>
> The cryptoadm lists the HMAC algs:
> mca/0:

Hashing algorithms on SCA6000 card

2009-08-20 Thread Sandeep Cavale
Thanks Gary.. The guide seems to be 1.1 but the firmware we have is 1.0.. Anyway I shall give it a try, not sure if it would work with 1.0 Is there any other way to get the HMAC algorithms accessible from NSS/mod_nss/cryptoadm without firmware upgrade to 1.1 ? Because JSSE/JCE can access them wi

Hashing algorithms on SCA6000 card

2009-08-20 Thread Sandeep Cavale
Hi, We have a problem with running Apache mod_nss with SCA6000 in FIPS mode.. When we disable the "Sun Metaslot", so that nss can use only the Hardware token completely, we get the following error when we try to connect to our server from openssl:
# openssl s_client -connect localhost:443 -tls1 -s

Hashing algorithms on SCA6000 card

2009-08-20 Thread gary.mor...@sun.com
You should download the 1.1 code - the 1.0 code does not support this. http://www.sun.com/products/networking/downloads.html
-gary

On 08/20/09 11:22, Sandeep Cavale wrote:
> Thanks Gary..
>
> The guide seems to be 1.1 but the firmware we have is 1.0..
>
> Anyway I shall give it a try, not

Hashing algorithms on SCA6000 card

2009-08-20 Thread gary.mor...@sun.com
If you are going to use the sca 6000 for hmac you will need to enable some options in the mca.conf driver config file: take a look at the user's guide for details - you will need to add entries for enable-hmac=1; and then assuming you are running the card in FIPS mode (only sha1 is available