hi,can you successfully connect to your server using JSSE with it's default provider? meaning
not using mozilla-JSS as the provider?
I know you have used ssltap can you use NSS tool tstclnt? tstclnt -h <hostname> -p <port> -d <your nss cert db dir> -v -2 -3 -c vIf you want full client auth specify your cert nickname with -n <your cert nickname>
If the JSSE works with the default provider, and tstclnt works then open a bug on JSS with steps to recreate issue. -glen ksreedha...@gmail.com wrote:
Thanks Nelson for the reply. Jss version is 4.2.5 JRE version is 1.6 NSS vesion is 3.11.4 See my comments inline. On Apr 1, 8:45 pm, Nelson B Bolyard <nel...@bolyard.me> wrote:ksreedha...@gmail.com wrote, On 2009-04-01 17:54:Hello,I am [using] Mozilla-JSS as the provider in my Java application whichis a SSL client connecting to OpenSSL based SSL Server.You haven't reported version information, such as: - version of JDK/JRE - version of JSS - version of NSS It's possible that you have a version mismatch of some sort.I am using the cipher suite "TLS_RSA_WITH_AES_128_CBC_SHA" and we are using TLSv1.0 as the SSL protocol.I get this exception when I try to connect to the server. Server has aself signed RSA based certificate.I have rearranged the stack below, so that it appears as one continuous stack, with the first (or "root cause") exception at the top.I thought premaster secret key is generated by the Client and encrypt using the public key of the certificate so that Server will decrypt using its private key.That's correct for the cipher suite "TLS_RSA_WITH_AES_128_CBC_SHA".Can some one tell me what I am missing here and what this exception means?The first exception reported in this stack, namely:java.security.InvalidKeyException: Invalid key type: org.mozilla.jss.pkcs11.PK11RSAPublicKeysays that the failure occurred when trying to encrypt the pre-master secret with the RSA public key. The exception reports that the key it was given as the pre-master secret, to be encrypted with the server's RSA public key, was actually not a pre-master secret, but rather was an RSA public key.But the premaster secret key is generated internally right?The code that threw the first exception may be seen athttp://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/jss/org/... at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.importKey (JSSCipherSpi.java:123) at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineInit (JSSCipherSpi.java:161) at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineInit (JSSCipherSpi.java:270) at javax.crypto.Cipher.init(DashoA13*..) at com.sun.net.ssl.internal.ssl.JCE_RSACipher.encryptInit (RSACipher.java:76) at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init> (PreMasterSecret.java:83)Consequently, it was unable to create an RSA-encrypted pre-master secret (also know as the "RSA pre-master secret"), and this is what the second exception is complaining about.(which caused) javax.net.ssl.SSLKeyException: RSA premaster secret error at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init> (PreMasterSecret.java:86) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone (ClientHandshaker.java:439) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage (ClientHandshaker.java:132) at com.sun.net.ssl.internal.ssl.Handshaker.process_record (Handshaker.java:334) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord (SSLSocketImpl.java:805) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake (SSLSocketImpl.java:1046) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake (SSLSocketImpl.java:1059) at com.fhp.ems.main.TestSecurity_SSL.testSSL (TestSecurity_SSL.java:218) at com.fhp.ems.main.TestSecurity_SSL.main (TestSecurity_SSL.java:69)Maybe Glen can tell us more about diagnosing this failure.
smime.p7s
Description: S/MIME Cryptographic Signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
