Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to create SSL connection with SoftHSM #668

Open
edewata opened this issue Dec 16, 2020 · 2 comments
Open

Unable to create SSL connection with SoftHSM #668

edewata opened this issue Dec 16, 2020 · 2 comments

Comments

@edewata
Copy link
Contributor

edewata commented Dec 16, 2020

JSS is unable to create SSL connection using certificate in SoftHSM.

Steps to reproduce:

  1. Build and install PKI from this branch: https://github.com/edewata/pki/tree/softhsm
  2. Install DS
  3. Prepare a SoftHSM token:
$ usermod pkiuser -a -G ods
$ runuser -u pkiuser -- softhsm2-util --init-token --label HSM --so-pin Secret.123 --pin Secret.123 --free
  1. Install CA with SoftHSM
$ pkispawn -f /usr/share/pki/server/examples/installation/ca-hsm.cfg -s CA -v
  1. Connect via SSL:
$ pki info

Actual result: The SSL connection fails due to handshake failure. The server generates the following stack trace in systemd journal.

SEVERE: Error running socket processor
java.lang.RuntimeException: Unable to configure certificate and key on model SSL PRFileDesc proxy: SEC_ERROR_NO_MEMORY (-8173)
        at org.mozilla.jss.ssl.javax.JSSEngine.getServerTemplate(JSSEngine.java:993)
        at org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl.createBufferFD(JSSEngineReferenceImpl.java:322)
        at org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl.init(JSSEngineReferenceImpl.java:252)
        at org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl.beginHandshake(JSSEngineReferenceImpl.java:634)
        at org.apache.tomcat.util.net.SecureNioChannel.processSNI(SecureNioChannel.java:348)
        at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:175)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1568)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)

Expected result: The SSL connection should not fail.

Note: To remove the SoftHSM token:

$ runuser -u pkiuser -- softhsm2-util --delete-token --token HSM
@edewata
Copy link
Contributor Author

edewata commented Dec 16, 2020

Server startup log:

Started PKI Tomcat Server pki-tomcat.
Java virtual machine used: /usr/share/java-utils/java-wrapper
classpath used: /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/lib/java/commons-daemon.jar
main class used: org.apache.catalina.startup.Bootstrap
flags used: -Dcom.redhat.fips=false
options used: -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager     -Djava.security.manager     -Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy
arguments used: start
+ JAVACMD=/usr/lib/jvm/java-1.8.0-openjdk/bin/java
+ JAVACMD_OPTS=' -agentpath:/usr/lib/abrt-java-connector/libabrt-java-connector.so=abrt=on,'
+ unset _JP_JAVACMD
+ unset _JP_JAVACMD_OPTS
+ exec /usr/lib/jvm/java-1.8.0-openjdk/bin/java -agentpath:/usr/lib/abrt-java-connector/libabrt-java-connector.so=abrt=on, -Dcom.redhat.fips=false -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/lib/java/commons-daemon.jar -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.security.manager -Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy org.apache.catalina.startup.Bootstrap start
INFO: JSSListener: Initializing JSS
FINE: CryptoManager: loading JSS library
FINE: CryptoManager: loaded JSS library from /usr/lib64/jss/libjss4.so
FINE: Loaded org.mozilla.jss.provider.java.security.JSSMessageDigestSpi$SHA1@7f77e91b
FINE: Loaded RSA
INFO: JSS CryptoManager: successfully initialized from NSS database at /var/lib/pki/pki-tomcat/alias
FINE: JSSImplementation: instance created
FINE: JSSImplementation: getSSLUtil()
FINE: JSSImplementation: key alias: HSM:sslserver
FINE: JSSImplementation: keystore provider: Mozilla-JSS
FINE: JSSImplementation: key manager alg: SunX509
FINE: JSSImplementation: truststore alg: PKIX
FINE: JSSImplementation: truststore provider: Mozilla-JSS
FINE: JSSUtil: getImplementedProtocols()
FINE: JSSContext(null)
FINE: JSSContext.init(...)
FINE: JSSContextSpi.engineInit(null, null, null)
FINE: JSSContext.createSSLEngine()
FINE: JSSContextSpi.engineCreateSSLEngine()
FINE: JSSEngine: constructor()
FINE: JSSEngine: setKeyManager(null)
FINE: JSSEngine: setKeyManagers([null])
FINE: JSSEngine: getSupportedProtocols()
FINE: JSSEngine: getSupportedProtocol - Supported: TLS_1_0
FINE: JSSEngine: getSupportedProtocol - Supported: TLS_1_1
FINE: JSSEngine: getSupportedProtocol - Supported: TLS_1_2
FINE: JSSEngine: getSupportedProtocol - Supported: TLS_1_3
FINE: JSSEngine: getSupportedCipherSuites()
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_RSA_WITH_AES_128_CBC_SHA
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_RSA_WITH_AES_256_CBC_SHA
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_RSA_WITH_AES_128_CBC_SHA256
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_RSA_WITH_AES_256_CBC_SHA256
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_RSA_WITH_AES_128_GCM_SHA256
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_RSA_WITH_AES_256_GCM_SHA384
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_FALLBACK_SCSV
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_AES_128_GCM_SHA256
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_AES_256_GCM_SHA384
FINE: JSSEngine: getSupportedCipherSuites() - Supported: TLS_CHACHA20_POLY1305_SHA256
FINE: JSSUtil: getLog()
FINE: The [protocols] that are active are : [[TLSv1, TLSv1.3, TLSv1.2, TLSv1.1]]
FINE: JSSUtil: isTls13RenegAuthAvailable()
FINE: JSSUtil: getImplementedCiphers()
FINE: JSSUtil: getLog()
FINE: The [ciphers] that are active are : [[TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]]
FINE: Some of the specified [ciphers] are not supported by the SSL engine and have been skipped: [[TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, TLS_ECDHE_ECDSA_WITH_AES_256_CCM, TLS_PSK_DHE_WITH_AES_256_CCM_8, TLS_DHE_PSK_WITH_AES_256_CCM, TLS_DHE_RSA_WITH_AES_256_CCM_8, TLS_DHE_RSA_WITH_AES_256_CCM, TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, TLS_SRP_SHA_WITH_AES_256_CBC_SHA, TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, TLS_DH_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DH_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_PSK_WITH_AES_256_CBC_SHA, TLS_DHE_PSK_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DH_RSA_WITH_AES_256_CBC_SHA256, TLS_DH_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384, TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, TLS_PSK_WITH_AES_256_CCM_8, TLS_PSK_WITH_AES_256_CCM, TLS_PSK_WITH_AES_256_CBC_SHA384, TLS_PSK_WITH_AES_256_GCM_SHA384, TLS_PSK_WITH_AES_256_CBC_SHA, TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, TLS_PSK_WITH_ARIA_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, TLS_ECDHE_ECDSA_WITH_AES_128_CCM, TLS_PSK_DHE_WITH_AES_128_CCM_8, TLS_DHE_PSK_WITH_AES_128_CCM, TLS_DHE_RSA_WITH_AES_128_CCM_8, TLS_DHE_RSA_WITH_AES_128_CCM, TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, TLS_SRP_SHA_WITH_AES_128_CBC_SHA, TLS_AES_128_CCM_8_SHA256, TLS_AES_128_CCM_SHA256, TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, TLS_DH_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DH_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_PSK_WITH_AES_128_CBC_SHA, TLS_DHE_PSK_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DH_RSA_WITH_AES_128_CBC_SHA256, TLS_DH_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256, TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_PSK_WITH_AES_128_CCM_8, TLS_PSK_WITH_AES_128_CCM, TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_PSK_WITH_AES_128_GCM_SHA256, TLS_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, TLS_PSK_WITH_ARIA_128_GCM_SHA256]]
FINE: JSSUtil: instance created
FINE: JSSUtil createSSLContextInternal(...) keyAlias=HSM:sslserver
FINE: JSSContext(HSM:sslserver)
FINE: JSSUtil: getKeyManagers()
FINE: JSSUtil: getTrustManagers()
FINE: JSSContext.init(...)
FINE: JSSContextSpi.engineInit([Ljavax.net.ssl.KeyManager;@236e3f4e, [Ljavax.net.ssl.TrustManager;@3cc1435c, null)
FINE: JSSContext.getServerSessionContext()
FINE: JSSContextSpi.engineGetServerSessionContext() - not implemented
INFO: PKIAuthenticator: Creating SSLAuthenticatorWithFallback
FINE: PKIAuthenticator: Setting container
FINE: PKIAuthenticator: Initializing authenticators
FINE: PKIAuthenticator: Starting authenticators
INFO: PKIListener: Subsystem CA is running.

@edewata
Copy link
Contributor Author

edewata commented Dec 16, 2020

Server connection log:

FINE: JSSContext.createSSLEngine()
FINE: JSSContextSpi.engineCreateSSLEngine()
FINE: JSSEngine: constructor()
FINE: JSSEngine: setKeyManager(org.mozilla.jss.provider.javax.crypto.JSSTokenKeyManager)
FINE: JSSEngine: setTrustManagers(
FINE:  - org.mozilla.jss.provider.javax.crypto.JSSNativeTrustManager
FINE: )
FINE: JSSKeyManager: getPrivateKey(HSM:sslserver)
FINE: JSSEngine.setUseClientMode(false)
FINE: JSSEngine: setEnabledProtocols(
FINE:         TLSv1,
FINE:         TLSv1.3,
FINE:         TLSv1.2,
FINE:         TLSv1.1,
FINE: )
FINE: JSSEngine: setEnabledProtocols()
FINE: JSSEngine: getEnabledCipherSuites()
FINE: JSSEngine: getEnabledProtocols()
FINE: JSSEngine: setEnabledProtocols()
FINE: JSSEngine.setWantClientAuth(true)
FINE: JSSEngine.setNeedClientAuth(false)
FINE: JSSEngine: getSession()
FINE: JSSEngine: getSession()
FINE: JSSEngine: getSession()
FINE: JSSEngine: getSession()
FINE: JSSEngine: beginHandshake()
FINE: JSSEngine: init()
FINE: JSSEngine: createBuffers()
FINE: JSSEngine: createBufferFD()
SEVERE: Error running socket processor
java.lang.RuntimeException: Unable to configure certificate and key on model SSL PRFileDesc proxy: SEC_ERROR_NO_MEMORY (-8173)
        at org.mozilla.jss.ssl.javax.JSSEngine.getServerTemplate(JSSEngine.java:993)
        at org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl.createBufferFD(JSSEngineReferenceImpl.java:322)
        at org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl.init(JSSEngineReferenceImpl.java:252)
        at org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl.beginHandshake(JSSEngineReferenceImpl.java:634)
        at org.apache.tomcat.util.net.SecureNioChannel.processSNI(SecureNioChannel.java:348)
        at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:175)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1568)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)
FINE: JSSEngine: closeOutbound()
FINE: JSSEngine: wrap(ssl_fd=null)
FINE: JSSEngine: beginHandshake()
FINE: JSSEngine: init()
FINE: JSSEngine: createBuffers()
FINE: JSSEngine: createBufferFD()

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@edewata