NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret

Solution Verified - Updated -


  • Getting no such algorithm: SunTls12MasterSecret error no such algorithm: SunTls12MasterSecret for provider SunPKCS11-nss-fips`

  • We're trying to set up httpd to proxy over https to Tomcat using PKCS#11 with Netscape Security Services (NSS) for FIPS compliant TLS/SSL. The proxy handshakes are failing and debug SSL logging on tomcat indicates that they fail with the following exception:

    RSA master secret generation error: Key format must be RAW
       at com.sun.crypto.provider.TlsMasterSecretGenerator.engineInit(
       at javax.crypto.KeyGenerator.init(
       at javax.crypto.KeyGenerator.init(


  • Java configured to use TLS 1.2 with PKCS#11 JCE provider
    • Red Hat JBoss Enterprise Web Server (EWS)
    • Red Hat JBoss Enterprise Application Server (EAP)
    • Apache Tomcat

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In