Uploaded image for project: 'Openfire'
  1. Openfire
  2. OF-636

CKR_DOMAIN_PARAMS_INVALID exception when creating SSL connection and using openjdk

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Cannot Reproduce
    • Affects Version/s: 3.8.0
    • Fix Version/s: None
    • Component/s: Core
    • Labels:

      Description

      The latest svn version of openfire is unable to process SSL/TLS connection on my server. The symptoms are that a clients (gajim in my case) connection attempt stall, the exception is thrown but the TCP socket is not closed.

      2013.02.26 14:06:57 org.jivesoftware.openfire.nio.ConnectionHandler - ConnectionHandler reports unexpected exception for session: (SOCKET, R: /46.244.217.124:34544, L: /78.47.171.60:5222, S: 0.0.0.0/0.0.0.0:5222)
      java.lang.RuntimeException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
              at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1029)
              at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:508)
              at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:759)
              at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:727)
              at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
              at org.apache.mina.filter.support.SSLHandler.unwrap0(SSLHandler.java:658)
              at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:614)
              at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:493)
              at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306)
              at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)
              at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
              at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
              at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
              at org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.messageReceived(AbstractIoFilterChain.java:499)
              at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
              at org.apache.mina.common.support.AbstractIoFilterChain.fireMessageReceived(AbstractIoFilterChain.java:293)
              at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:228)
              at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:198)
              at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:45)
              at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:485)
              at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
              at java.lang.Thread.run(Thread.java:636)
      Caused by: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
              at sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:323)
              at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:673)
              at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63)
              at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:991)
              at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:872)
              at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:801)
              at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:576)
              at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:170)
              at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
              at sun.security.ssl.Handshaker$1.run(Handshaker.java:550)
              at sun.security.ssl.Handshaker$1.run(Handshaker.java:548)
              at java.security.AccessController.doPrivileged(Native Method)
              at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:969)
              at org.apache.mina.filter.support.SSLHandler.doTasks(SSLHandler.java:686)
              at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:486)
              ... 16 more
      Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
              at sun.security.pkcs11.wrapper.PKCS11.C_GenerateKeyPair(Native Method)
              at sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:314)
              ... 30 more
      

      References:

      I'm atm not really sure if it's an openjdk, mina, or JVM problem.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                flow Florian Schmaus
              • Votes:
                4 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: