"NoSuchAlgorithmException: Error constructing implementation (algorithm: pkcs11prng, provider: Mozilla-JSS ..." when replacing JSSE with JSS

Tue, 28 Apr 2015 12:14:07 -0700 

Hello,

I’m trying to troubleshoot Java SSL client that is having a bizarre interaction 
with an SSL-terminating load balancer, and I’m trying to decrypt the entire 
session in wireshark.

I noticed that NSS has an environment variable, SSLKEYLOGFILE, that causes it 
to log session keys to the specified file, and wireshark can use that key log 
file to decrypt the HTTPS traffic it sniffs.

My plan was to replace the default java security provider with JSS and then run 
the client with the SSLKEYLOGFILE environment variable set to see if JSS/NSS 
would log session keys that I could then feed to wireshark.

I made the following edit to $JAVA_HOME/lib/security/java.security:
#security.provider.1=sun.security.provider.Sun
security.provider.1=org.mozilla.jss.JSSProvider

Unfortunately, when I run the client I get the following exception:

java.lang.RuntimeException: java.security.NoSuchAlgorithmException: Error 
constructing implementation (algorithm: pkcs11prng, provider: Mozilla-JSS, 
class: org.mozilla.jss.provider.java.security.JSSSecureRandomSpi)
        at java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:212)
        at java.security.SecureRandom.<init>(SecureRandom.java:161)
        at com.sun.crypto.provider.SunJCE.<clinit>(SunJCE.java:94)
        ... 30 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing 
implementation (algorithm: pkcs11prng, provider: Mozilla-JSS, class: 
org.mozilla.jss.provider.java.security.JSSSecureRandomSpi)
        at java.security.Provider$Service.newInstance(Provider.java:1259)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
        at java.security.SecureRandom.getInstance(SecureRandom.java:287)
        at java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:204)
        ... 32 more
Caused by: java.lang.NullPointerException
        at 
org.mozilla.jss.provider.java.security.JSSSecureRandomSpi.<init>(JSSSecureRandomSpi.java:48)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at 
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
        at java.security.Provider$Service.newInstance(Provider.java:1240)
        ... 36 more

I’m probably missing something in my configuration, so any insights would be 
welcome.

Environment details:
Architecture: x86_64, (AMD64)
OS: Debian Linux 8
NSPR version: 4.10.7 (debian package)
NSS version: 3.17.2 (debian package)
JSS version: 4.3.1 (debian package)
JVMs: Oracle 1.7.0_80 and Oracle 1.8.0_45 (same behavior in both)

Best regards,
Mike Przybylski
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to