issues with NSS 3.12.4

Ligade, Shailesh [USA] Sat, 22 Feb 2014 11:50:22 -0800

Hello,

I am seeing this issue when I moved to java 1.6.0_71 (65) with FIPS enabled.


Appreciate any suggestions.

Thanks
S

*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 81 BE C3 B2 2B FF   1A 41 9C 10 0B 9D 72 72  ......+..A....rr
0010: 69 CC 3F EE 87 2E 76 78   A6 D4 CB B7 FA 43 C6 B9  i.?...vx.....C..
0020: 8E 1F B6 27 41 5D DA F8   75 B5 E7 2F F7 AE 33 48  ...'A]..u../..3H
RSA master secret generation error:
java.security.InvalidAlgorithmParameterException: init() failed
        at 
sun.security.pkcs11.P11TlsMasterSecretGenerator.engineInit(P11TlsMasterSecretGenerator.java:72)
        at javax.crypto.KeyGenerator.init(DashoA13*..)
        at javax.crypto.KeyGenerator.init(DashoA13*..)
        at 
com.sun.net.ssl.internal.ssl.Handshaker.calculateMasterSecret(Handshaker.java:751)
        at 
com.sun.net.ssl.internal.ssl.Handshaker.calculateKeys(Handshaker.java:716)
        at 
com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:218)
        at 
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
        at 
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
        at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
        at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
        at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
        at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
        at 
org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:187)
        at 
org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:686)
        at 
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
        at java.lang.Thread.run(Thread.java:680)
Caused by: java.security.InvalidKeyException: Could not create key
        at 
sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:224)
        at 
sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:129)
        at 
sun.security.pkcs11.P11TlsMasterSecretGenerator.engineInit(P11TlsMasterSecretGenerator.java:70)
        ... 15 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: 
CKR_ATTRIBUTE_VALUE_INVALID
        at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
        at 
sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:219)
        ... 17 more
http-8443-1, handling exception: java.security.ProviderException: 
java.security.InvalidAlgorithmParameterException: init() failed
http-8443-1, SEND TLSv1 ALERT:  fatal, description = internal_error
http-8443-1, WRITE: TLSv1 Alert, length = 2

The provider cfg looks like

name = FIPSProvider
nssLibraryDirectory = /usr/lib
nssSecmodDirectory = /opt/nss/db
nssModule = fips

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

issues with NSS 3.12.4

Reply via email to