JDK-8222805 : sun/security/pkcs11/tls/tls12/TestTLS12.java fails with Unsupported signature algorithm: rsa_pss_rsae_sha256
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 13
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: windows
  • CPU: x86_64
  • Submitted: 2019-04-22
  • Updated: 2019-07-11
  • Resolved: 2019-04-24
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 13
13 b18Fixed
Related Reports
Relates :  
Relates :  
Description
javax.net.ssl.SSLException: Unsupported signature algorithm: rsa_pss_rsae_sha256
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
	at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeMessage.<init>(DHServerKeyExchange.java:143)
	at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeProducer.produce(DHServerKeyExchange.java:483)
	at java.base/sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1102)
	at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:854)
	at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:813)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1231)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1218)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:690)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1163)
	at TestTLS12$testTLS12SunPKCS11Communication.runDelegatedTasks(TestTLS12.java:370)
	at TestTLS12$testTLS12SunPKCS11Communication.run(TestTLS12.java:319)
	at TestTLS12.main(TestTLS12.java:99)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:567)
	at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)
	at java.base/java.lang.Thread.run(Thread.java:835)
Caused by: java.security.NoSuchAlgorithmException: RSASSA-PSS Signature not available
	at java.base/java.security.Signature.getInstance(Signature.java:267)
	at java.base/sun.security.ssl.SignatureScheme.getSignature(SignatureScheme.java:473)
	at java.base/sun.security.ssl.DHServerKeyExchange$DHServerKeyExchangeMessage.<init>(DHServerKeyExchange.java:139)
	... 19 more
Comments
With further testing, this test, which was moved to sun/security/pkcs11/tls/tls12/FipsModeTLS12.java, passes with jdk13-23 on windows-x64. Although the test fails with later builds (e.g. jdk13+24) due to JDK-8211018, this issue should be fixed.
11-07-2019

Just noticed that this issue is related to windows, but I verified it on macosx. And in fact, the test is in ProblemList due to JDK-8224954 and JDK-8225678 (which was closed as duplicate of JDK-8226338).
10-07-2019

Verified by running test sun/security/pkcs11/tls/tls12/FipsModeTLS12.java with jdk13+28
09-07-2019

Bumping this from P3 -> P2. This failure appears to be happening in every Tier2 CI job set so that makes it rather noisy.
23-04-2019

[~mbalao] Can you please look at this as it seems to be caused by your fix for JDK-8221271? Thanks.
22-04-2019