Hello Java Security Devs,

The following exception occurs while processing serverHelloDone during an 
attempt at TLS1.2 with NSS in FIPS mode (via modutil).

     java.security.NoSuchAlgorithmException: no such algorithm: SunTls12RsaPremasterSecret for provider SunPKCS11-NSS

Both the client and the server are running from a unit test using:
* JDK 1.8.0_31-b13
* nss-3.16.2.3-3

The same test runs fine in FIPS mode using TLS1.1 or TLS1.0.  The same test 
also runs with TLS1.2 when the keystore is not in FIPS mode.

I am thinking that it is not supported.  SunPKCS11-NSS provider needs to be 
updated with the SunTLS12* algorithms before this will work.  The JSSE's 
ClientKeyExchange expects to be able to obtain a KeyGenerator specific to 
TLS1.2.  When in FIPS mode, the crypto provider is SunPKCS11-NSS and it does 
not have the requested algorithm.

Can anyone confirm or deny this?  Any ideas as to when it will be supported?

I've been all over the map trying to figure this one out.  I am pretty sure at 
this point that it is not a problem with the NSS library.  I can provide full 
stack trace and debug output as needed, but am hoping someone can answer first 
whether this configuration should be expected to work.

Thanks for your help,
Jenny
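
Added example, not part of the original message: a diagnostic that lists which installed providers register the TLS-internal KeyGenerator services and whether each can supply the algorithm named in the exception above. The class name TlsKeyGenCheck is hypothetical; the code uses only standard JCA calls.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;
import javax.crypto.KeyGenerator;

public class TlsKeyGenCheck {
    // Algorithm name taken from the exception in the message above.
    static final String WANTED = "SunTls12RsaPremasterSecret";

    // Names of the KeyGenerator services a provider registers whose
    // algorithm starts with "SunTls" (case-insensitive prefix match).
    static Set<String> tlsKeyGenerators(Provider p) {
        Set<String> names = new TreeSet<>();
        for (Provider.Service s : p.getServices()) {
            if ("KeyGenerator".equals(s.getType())
                    && s.getAlgorithm().regionMatches(true, 0, "SunTls", 0, 6)) {
                names.add(s.getAlgorithm());
            }
        }
        return names;
    }

    // True if this specific provider can hand out the requested KeyGenerator.
    static boolean supports(Provider p, String algorithm) {
        try {
            KeyGenerator.getInstance(algorithm, p);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Security.getProviders() returns providers in preference order.
        for (Provider p : Security.getProviders()) {
            Set<String> found = tlsKeyGenerators(p);
            if (found.isEmpty()) {
                continue; // provider offers no TLS-internal key generators
            }
            System.out.printf("%s: %s%n", p.getName(), found);
            System.out.printf("  %s available: %b%n", WANTED, supports(p, WANTED));
        }
    }
}
```

Run it with the same JVM and java.security configuration as the failing test, so that the SunPKCS11-NSS provider is installed when the providers are enumerated.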