Thanks Nelson for the reply. Jss version is 4.2.5 JRE version is 1.6 NSS vesion is 3.11.4
See my comments inline. On Apr 1, 8:45 pm, Nelson B Bolyard <nel...@bolyard.me> wrote: > ksreedha...@gmail.com wrote, On 2009-04-01 17:54: > > > Hello, > > > I am [using] Mozilla-JSS as the provider in my Java application which > > is a SSL client connecting to OpenSSL based SSL Server. > > You haven't reported version information, such as: > - version of JDK/JRE > - version of JSS > - version of NSS > It's possible that you have a version mismatch of some sort. > > > I am using the cipher suite "TLS_RSA_WITH_AES_128_CBC_SHA" and we are > > using TLSv1.0 as the SSL protocol. > > > I get this exception when I try to connect to the server. Server has a > > self signed RSA based certificate. > > I have rearranged the stack below, so that it appears as one continuous > stack, with the first (or "root cause") exception at the top. > > > I thought premaster secret key is generated by the Client and encrypt > > using the public key of the certificate so that Server will decrypt using > > its private key. > > That's correct for the cipher suite "TLS_RSA_WITH_AES_128_CBC_SHA". > > > Can some one tell me what I am missing here and what this exception > > means? > > The first exception reported in this stack, namely: > > > java.security.InvalidKeyException: Invalid key type: > > org.mozilla.jss.pkcs11.PK11RSAPublicKey > > says that the failure occurred when trying to encrypt the pre-master secret > with the RSA public key. The exception reports that the key it was given as > the pre-master secret, to be encrypted with the server's RSA public key, was > actually not a pre-master secret, but rather was an RSA public key. > But the premaster secret key is generated internally right? > The code that threw the first exception may be seen at > > >http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/jss/org/... > > at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.importKey > > (JSSCipherSpi.java:123) > > at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineInit > > (JSSCipherSpi.java:161) > > at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineInit > > (JSSCipherSpi.java:270) > > at javax.crypto.Cipher.init(DashoA13*..) > > at com.sun.net.ssl.internal.ssl.JCE_RSACipher.encryptInit > > (RSACipher.java:76) > > at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init> > > (PreMasterSecret.java:83) > > Consequently, it was unable to create an RSA-encrypted pre-master secret > (also know as the "RSA pre-master secret"), and this is what the second > exception is complaining about. > > > (which caused) javax.net.ssl.SSLKeyException: RSA premaster secret error > > at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init> > > (PreMasterSecret.java:86) > > at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone > > (ClientHandshaker.java:439) > > at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage > > (ClientHandshaker.java:132) > > at com.sun.net.ssl.internal.ssl.Handshaker.process_record > > (Handshaker.java:334) > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord > > (SSLSocketImpl.java:805) > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake > > (SSLSocketImpl.java:1046) > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake > > (SSLSocketImpl.java:1059) > > at com.fhp.ems.main.TestSecurity_SSL.testSSL (TestSecurity_SSL.java:218) > > at com.fhp.ems.main.TestSecurity_SSL.main (TestSecurity_SSL.java:69) > > Maybe Glen can tell us more about diagnosing this failure. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
