NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret

Solution Verified - Updated -

Issue

  • Getting a "no such algorithm: SunTls12MasterSecret" error:
    java.security.ProviderException: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-nss-fips

  • We're trying to set up httpd to proxy over HTTPS to Tomcat using PKCS#11 with Netscape Security Services (NSS) for FIPS-compliant TLS/SSL. The proxy handshakes are failing, and debug SSL logging on Tomcat indicates that they fail with the following exception:

    RSA master secret generation error:
     java.security.InvalidAlgorithmParameterException: Key format must be RAW
       at com.sun.crypto.provider.TlsMasterSecretGenerator.engineInit(TlsMasterSecretGenerator.java:67)
       at javax.crypto.KeyGenerator.init(KeyGenerator.java:438)
       at javax.crypto.KeyGenerator.init(KeyGenerator.java:414)
       at sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1052)
       at sun.security.ssl.Handshaker.calculateKeys(Handshaker.java:999)
    

Environment

  • Java configured to use TLS 1.2 with PKCS#11 JCE provider
    • Red Hat JBoss Enterprise Web Server (EWS)
    • Red Hat JBoss Enterprise Application Server (EAP)
    • Apache Tomcat
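
To see which installed JCE providers register the KeyGenerator named in the exception, and in what preference order, a check like the following can be run with the same JVM and java.security configuration as Tomcat. This is an added example, not part of the original solution; the class name KeyGeneratorProviderCheck is hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.KeyGenerator;

// Hypothetical diagnostic class (not from the original page).
public class KeyGeneratorProviderCheck {
    public static void main(String[] args) {
        // Default is the algorithm named in the exception above;
        // other KeyGenerator names can be passed as arguments.
        String[] algorithms = args.length > 0
                ? args
                : new String[] {"SunTls12MasterSecret"};

        // Providers are returned in preference order, as configured
        // in the java.security file this JVM is using.
        Provider[] providers = Security.getProviders();

        for (String alg : algorithms) {
            System.out.println("KeyGenerator." + alg);
            for (int i = 0; i < providers.length; i++) {
                Provider.Service svc = providers[i].getService("KeyGenerator", alg);
                String status = (svc != null)
                        ? "offers it (" + svc.getClassName() + ")"
                        : "does not offer it";
                System.out.printf("  %2d. %-24s %s%n",
                        i + 1, providers[i].getName(), status);
            }
            // Which provider a lookup without an explicit provider resolves to.
            try {
                KeyGenerator kg = KeyGenerator.getInstance(alg);
                System.out.println("  default lookup resolves to: "
                        + kg.getProvider().getName());
            } catch (NoSuchAlgorithmException e) {
                System.out.println("  default lookup fails: " + e.getMessage());
            }
        }
    }
}
```

The output shows whether the SunPKCS11-nss-fips provider named in the error registers SunTls12MasterSecret at all, and which provider the JVM would otherwise select for it.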
