ksreedha...@gmail.com wrote, On 2009-04-01 17:54:
> Hello,
> 
> I am [using] Mozilla-JSS as the provider in my Java application which 
> is a SSL client connecting to OpenSSL based SSL Server.

You haven't reported version information, such as:
- version of JDK/JRE
- version of JSS
- version of NSS
It's possible that you have a version mismatch of some sort.

> I am using the cipher suite "TLS_RSA_WITH_AES_128_CBC_SHA" and we are
> using TLSv1.0 as the SSL protocol.
> 
> I get this exception when I try to connect to the server. Server has a
> self signed RSA based certificate. 

I have rearranged the stack below, so that it appears as one continuous
stack, with the first (or "root cause") exception at the top.

> I thought premaster secret key is generated by the Client and encrypted
> using the public key of the certificate so that Server will decrypt using
> its private key.

That's correct for the cipher suite "TLS_RSA_WITH_AES_128_CBC_SHA".

> Can some one tell me what I am missing here and what this exception
> means?

The first exception reported in this stack, namely:

> java.security.InvalidKeyException: Invalid key type: 
> org.mozilla.jss.pkcs11.PK11RSAPublicKey

says that the failure occurred when trying to encrypt the pre-master secret
with the RSA public key.  The exception reports that the key it was given as
the pre-master secret, to be encrypted with the server's RSA public key, was
actually not a pre-master secret, but rather was an RSA public key.

The code that threw the first exception may be seen at
> http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/jss/org/mozilla/jss/provider/javax/crypto/JSSCipherSpi.java&rev=1.7&mark=103,106,123-124#103

>  at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.importKey 
> (JSSCipherSpi.java:123)
>  at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineInit 
> (JSSCipherSpi.java:161)
>  at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineInit 
> (JSSCipherSpi.java:270)
>  at javax.crypto.Cipher.init(DashoA13*..)
>  at com.sun.net.ssl.internal.ssl.JCE_RSACipher.encryptInit (RSACipher.java:76)
>  at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init> 
> (PreMasterSecret.java:83)

Consequently, it was unable to create an RSA-encrypted pre-master secret
(also known as the "RSA pre-master secret"), and this is what the second
exception is complaining about.

> (which caused) javax.net.ssl.SSLKeyException: RSA premaster secret error

>  at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init> 
> (PreMasterSecret.java:86)
>  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone 
> (ClientHandshaker.java:439)
>  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage 
> (ClientHandshaker.java:132)
>  at com.sun.net.ssl.internal.ssl.Handshaker.process_record 
> (Handshaker.java:334)
>  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord 
> (SSLSocketImpl.java:805)
>  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake 
> (SSLSocketImpl.java:1046)
>  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake 
> (SSLSocketImpl.java:1059)
>  at com.fhp.ems.main.TestSecurity_SSL.testSSL (TestSecurity_SSL.java:218)
>  at com.fhp.ems.main.TestSecurity_SSL.main (TestSecurity_SSL.java:69)

Maybe Glen can tell us more about diagnosing this failure.

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
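
The RSA key exchange discussed in the message above, as an added example that is not part of the original message or of JSS/JSSE: it runs the pre-master secret round trip with whatever JCE providers are installed and prints the provider and key class involved, the two things named in the stack trace. The class name `RsaPreMasterDemo` and the generated key pair are constructed for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.Cipher;

public class RsaPreMasterDemo {
    public static void main(String[] args) throws Exception {
        // Providers are consulted in this order when no provider is named.
        for (Provider p : Security.getProviders()) {
            System.out.println("provider: " + p.getName() + " " + p.getInfo());
        }

        // Constructed key pair standing in for the server certificate's RSA key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();

        // Client side: 48-byte pre-master secret, i.e. the 2-byte client
        // version (3,1 for TLS 1.0) followed by 46 random bytes.
        byte[] preMaster = new byte[48];
        new SecureRandom().nextBytes(preMaster);
        preMaster[0] = 0x03;
        preMaster[1] = 0x01;

        // Encrypt with the server's public key (PKCS#1 v1.5 padding).
        Cipher enc = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        System.out.println("RSA cipher from: " + enc.getProvider().getName());
        System.out.println("public key class: "
                + server.getPublic().getClass().getName());
        enc.init(Cipher.ENCRYPT_MODE, server.getPublic());
        byte[] encrypted = enc.doFinal(preMaster);

        // Server side: decrypt with the matching private key.
        Cipher dec = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        dec.init(Cipher.DECRYPT_MODE, server.getPrivate());
        byte[] recovered = dec.doFinal(encrypted);

        boolean same = MessageDigest.isEqual(preMaster, recovered);
        System.out.println("ciphertext length: " + encrypted.length);
        System.out.println("round trip ok: " + same);
        if (!same || recovered[0] != 0x03 || recovered[1] != 0x01) {
            throw new IllegalStateException("pre-master secret mismatch");
        }
    }
}
```

Running it inside the failing application's JVM configuration shows which provider's cipher is handed the RSA public key.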
