Hello, I am seeing this issue when I moved to java 1.6.0_71 (65) with FIPS enabled.
Appreciate any suggestions. Thanks S *** ClientKeyExchange, RSA PreMasterSecret, TLSv1 SESSION KEYGEN: PreMaster Secret: 0000: 03 01 81 BE C3 B2 2B FF 1A 41 9C 10 0B 9D 72 72 ......+..A....rr 0010: 69 CC 3F EE 87 2E 76 78 A6 D4 CB B7 FA 43 C6 B9 i.?...vx.....C.. 0020: 8E 1F B6 27 41 5D DA F8 75 B5 E7 2F F7 AE 33 48 ...'A]..u../..3H RSA master secret generation error: java.security.InvalidAlgorithmParameterException: init() failed at sun.security.pkcs11.P11TlsMasterSecretGenerator.engineInit(P11TlsMasterSecretGenerator.java:72) at javax.crypto.KeyGenerator.init(DashoA13*..) at javax.crypto.KeyGenerator.init(DashoA13*..) at com.sun.net.ssl.internal.ssl.Handshaker.calculateMasterSecret(Handshaker.java:751) at com.sun.net.ssl.internal.ssl.Handshaker.calculateKeys(Handshaker.java:716) at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:218) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:187) at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:686) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) at java.lang.Thread.run(Thread.java:680) Caused by: java.security.InvalidKeyException: Could not create key at sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:224) at sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:129) at sun.security.pkcs11.P11TlsMasterSecretGenerator.engineInit(P11TlsMasterSecretGenerator.java:70) ... 15 more Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_VALUE_INVALID at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method) at sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:219) ... 17 more http-8443-1, handling exception: java.security.ProviderException: java.security.InvalidAlgorithmParameterException: init() failed http-8443-1, SEND TLSv1 ALERT: fatal, description = internal_error http-8443-1, WRITE: TLSv1 Alert, length = 2 The provider cfg looks like name = FIPSProvider nssLibraryDirectory = /usr/lib nssSecmodDirectory = /opt/nss/db nssModule = fips -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto