Monday, July 25, 2011

WebSphere - RSA premaster secret error, Illegal key size or default parameters

When I used a signer with a strong RSA key greater than 2048 bits on my WebSphere 6.1 (I did not test it on a newer version), I got the following exception (see below).


It looks like WebSphere 6.1 could not handle stronger cryptography, greater than 2048 bits, and you need to expand/enhance WebSphere to allow it to work with RSA keys greater than 2048 bits.


To fix this behavior, install the unrestricted policy files by following these steps:
- Make a backup of the current policy files, local_policy.jar and US_export_policy.jar, located at "jre\lib\security". The files should be backed up outside of the classpath.
- Remove the current policy files from "jre\lib\security" completely. Renaming is not enough.
- Download the unrestricted policy files from
  https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk
- Copy the new policy files to "jre\lib\security".
- Restart WAS/APP/JVM and verify the results.
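
One way to do the "verify the results" step, as an added example that is not part of the original post: a small Java class, run with the same JRE whose "jre\lib\security" folder was changed, that prints the key-size limits the installed policy files impose and tries to initialise an RSA cipher with 2048-bit and 4096-bit keys. The class name JcePolicyCheck and the key sizes tested are assumptions made for the example.

```java
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.crypto.Cipher;

// Added example (hypothetical class name): checks which JCE policy a JRE is running with.
public class JcePolicyCheck {

    // Integer.MAX_VALUE is what the JCE reports when no limit applies.
    static String describe(int maxBits) {
        return maxBits == Integer.MAX_VALUE ? "unlimited" : maxBits + " bits";
    }

    // True when the installed policy lets Cipher.init accept an RSA key of this size.
    // This is the call that fails at the bottom of the stack trace in this post.
    static boolean rsaKeyAccepted(int bits) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(bits);
        KeyPair kp = kpg.generateKeyPair(); // key generation is not policy-limited
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, kp.getPublic());
            return true;
        } catch (InvalidKeyException e) {
            System.out.println("  rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Confirms which JRE (and so which jre\lib\security folder) is being tested.
        System.out.println("java.home = " + System.getProperty("java.home"));
        String[] algorithms = { "RSA", "AES" };
        for (int i = 0; i < algorithms.length; i++) {
            int max = Cipher.getMaxAllowedKeyLength(algorithms[i]);
            System.out.println(algorithms[i] + " max allowed key length: " + describe(max));
        }
        int[] sizes = { 2048, 4096 }; // assumed sizes: one at the limit, one above it
        boolean allAccepted = true;
        for (int i = 0; i < sizes.length; i++) {
            System.out.println("RSA " + sizes[i] + "-bit key:");
            boolean ok = rsaKeyAccepted(sizes[i]);
            System.out.println("  accepted = " + ok);
            allAccepted = allAccepted && ok;
        }
        // Non-zero exit code when any key size is still rejected by the policy.
        System.exit(allAccepted ? 0 : 1);
    }
}
```

Compile and run it with the java executable from the WebSphere JRE, before and after replacing the policy files, and compare the two outputs.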


good luck 
Yaniv Tzanany



This is the exception you get when you use the default settings and try to work with RSA keys greater than 2048 bits under WebSphere:


javax.net.ssl.SSLKeyException: RSA premaster secret error
   at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
   at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:83)
   at org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:84)
   at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
   at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
   at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
   at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
   at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)


Caused by: com.ctc.wstx.exc.WstxIOException: Connection has been shutdown: javax.net.ssl.SSLKeyException: RSA premaster secret error
   at com.ctc.wstx.sw.BaseStreamWriter.finishDocument(BaseStreamWriter.java:1692)
   at com.ctc.wstx.sw.BaseStreamWriter.close(BaseStreamWriter.java:288)
   at org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.close(XMLStreamWriterWrapper.java:46)
   at org.apache.axiom.om.impl.MTOMXMLStreamWriter.close(MTOMXMLStreamWriter.java:174)
   at org.apache.axiom.om.impl.llom.OMSerializableImpl.serializeAndConsume(OMSerializableImpl.java:197)
   at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:79)
   ... 79 more
Caused by: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLKeyException: RSA premaster secret error
   at com.ibm.jsse2.jc.i(jc.java:211)
   at com.ibm.jsse2.jc.j(jc.java:399)
   at com.ibm.jsse2.j.write(j.java:19)
   at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:88)
   at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:146)
   at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
   at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:99)
   at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
   at com.ctc.wstx.sw.BufferingXmlWriter.close(BufferingXmlWriter.java:194)
   at com.ctc.wstx.sw.BaseStreamWriter.finishDocument(BaseStreamWriter.java:1690)
   ... 84 more
Caused by: javax.net.ssl.SSLKeyException: RSA premaster secret error
   at com.ibm.jsse2.cb.<init>(cb.java:57)
   at com.ibm.jsse2.eb.a(eb.java:192)
   at com.ibm.jsse2.eb.a(eb.java:114)
   at com.ibm.jsse2.db.m(db.java:208)
   at com.ibm.jsse2.db.a(db.java:259)
   at com.ibm.jsse2.jc.a(jc.java:271)
   at com.ibm.jsse2.jc.g(jc.java:403)
   at com.ibm.jsse2.jc.a(jc.java:401)
   at com.ibm.jsse2.j.write(j.java:10)
   at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:88)
   at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:146)
   at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
   at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:99)
   at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
   at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
   at org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.flush(XMLStreamWriterWrapper.java:50)
   at org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:184)
   at org.apache.axis2.databinding.utils.writer.MTOMAwareXMLSerializer.flush(MTOMAwareXMLSerializer.java:79)
   at org.apache.axis2.databinding.ADBDataSource.serialize(ADBDataSource.java:94)
   at org.apache.axiom.om.impl.llom.OMSourcedElementImpl.internalSerialize(OMSourcedElementImpl.java:691)
   at org.apache.axiom.om.impl.llom.OMElementImpl.internalSerialize(OMElementImpl.java:965)
   at org.apache.axiom.soap.impl.llom.SOAPEnvelopeImpl.serializeInternally(SOAPEnvelopeImpl.java:283)
   at org.apache.axiom.soap.impl.llom.SOAPEnvelopeImpl.internalSerialize(SOAPEnvelopeImpl.java:245)
   at org.apache.axiom.om.impl.llom.OMSerializableImpl.serializeAndConsume(OMSerializableImpl.java:193)
   ... 80 more
Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
   at javax.crypto.Cipher.a(Unknown Source)
   at javax.crypto.Cipher.a(Unknown Source)
   at javax.crypto.Cipher.a(Unknown Source)
   at javax.crypto.Cipher.init(Unknown Source)
   at com.ibm.jsse2.cb.<init>(cb.java:8)
