JDK-7177037 : Cacao JMX client fails with CRYPTO_MECHANISM_INVALID on S11U1 build 17 with java 1.7.0.4
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7u4
  • Priority: P1
  • Status: Closed
  • Resolution: Cannot Reproduce
  • OS: solaris_11
  • CPU: generic
  • Submitted: 2012-06-14
  • Updated: 2012-06-21
  • Resolved: 2012-06-14
Related Reports
Relates :  
JDK-7169833 - Need to determine native mech value at runtime
Description
Cacao is a master piece of Opscenter infrastucture.
Its administrative command line interface cacaoadm communicates with the Cacao agent through a JMX client using TLS.
This used to work for years until this build 4 of JDK 7 introduced in S11U1_17.
Note that the problem doesn't exist with build 3 of JDK7 in S11U1_15, neither on earlier builds of java and S11U1.
This happens at
    *** ServerHello, TLSv1
with
    %% Invalidated:  [Session-1, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
    main, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
    main, WRITE: TLSv1 Alert, length = 2
    [Raw write]: length = 7
    0000: 15 03 01 00 02 02 2E                               .......
    main, called closeSocket()
    main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed:java.security.cert.CertPathValidatorException: signature check failed
    main, called close()
Attached the full trace.
Please tell me how can I help providing more information.
I can also give you access to the platform where Cacao is running with a simple JMX client for reproducing the problem.
Thx
fred