
openjsse's Introduction

OpenJSSE



OpenJSSE: A JSSE provider that supports TLS 1.3 on Java SE 8.

The OpenJSSE project was created to add support for TLS 1.3 to existing Java 8 applications without requiring code changes, and to provide a means to programmatically code to TLS 1.3 and RSASSA-PSS capabilities not directly available via the Java SE 8 APIs.

When using the OpenJSSE JSSE provider, both clients and servers will auto-negotiate TLS 1.3, unless explicitly configured otherwise, while still including full support for all TLS behaviors found in Java SE 8.

The public API for OpenJSSE is located in the org.openjsse.javax.net.ssl and org.openjsse.java.security.spec packages and is similar to the Java SE 11 javax.net.ssl and java.security.spec package APIs.


Code origins and evolution

The project code consists primarily of a backport (to Java 8) of the OpenJDK 11 implementations of various components that together comprise a TLS 1.3 JSSE provider. While small modifications were needed to make the code work on Java 8 JREs, the structure of the OpenJDK 11 code has been kept mostly intact, with associated packages placed under the org.openjsse.* namespace to avoid collisions.

The code for this project is licensed under the OpenJDK GPLv2 + CPE license, as described in the LICENSE file at the base of this repository and in notices found in the various source files.

The project is created and actively supported by engineers from Azul Systems.


OpenJDK 8 to OpenJSSE version mapping

OpenJDK8u OpenJSSE
1.8.0_222 1.1.0
1.8.0_231 1.1.1
1.8.0_232 1.1.1
1.8.0_241 1.1.2
1.8.0_242 1.1.2
1.8.0_251 1.1.2
1.8.0_252 1.1.3
1.8.0_261 1.1.4
1.8.0_262 1.1.4
1.8.0_271 1.1.5
1.8.0_272 1.1.5
1.8.0_281 1.1.5
1.8.0_282 1.1.5
1.8.0_291 1.1.6
1.8.0_292 1.1.6
1.8.0_301 1.1.7
1.8.0_302 1.1.7
1.8.0_311 1.1.8
1.8.0_312 1.1.8
1.8.0_321 1.1.9
1.8.0_322 1.1.9
1.8.0_331 1.1.10
1.8.0_332 1.1.10
1.8.0_341 1.1.10
1.8.0_342 1.1.10
1.8.0_351 1.1.10
1.8.0_352 1.1.10
1.8.0_361 1.1.11
1.8.0_362 1.1.11
1.8.0_371 1.1.12
1.8.0_372 1.1.12
1.8.0_381 1.1.13
1.8.0_382 1.1.13
1.8.0_391 1.1.14
1.8.0_392 1.1.14

openjsse's Issues

TLS 1.2 When Running Example

When running the example and connecting to https://google.com, the results show I'm connecting with TLS 1.2 instead of 1.3. Some details below. Any thoughts?

connect to https://google.com using OpenJSSE provider
Protocol = TLSv1.2
Cipher Suite = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Peer DN = CN=*.google.com,O=Google LLC,L=Mountain View,ST=California,C=US
Protocol = TLSv1.2
Cipher Suite = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Peer DN = CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US
Response Code= 200

My "modified" main method running with Zulu 1.8.0u222.

public static void main(String[] args) {
    if (args.length == 0) {
        System.out.println("No server url provided");
        return;
    }
    try {
        Security.insertProviderAt(new OpenJSSE(), 1);
        // Create URLConnection from https server address
        URL url = new URL(args[0]);
        new OpenJsseTest().connect(url);
    } catch (MalformedURLException e) {
        System.out.println("Malformed URL " + args[0]);
    }
}

How does openjsse package?

I used the Maven clean and package commands to compile and package and got an error: a lot of classes cannot be found. I searched the Internet but did not find the missing package. Can you help me? Thank you.
The error message is as follows:

[ERROR] COMPILATION ERROR : 
[INFO] -------------------------------------------------------------
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[35,1] 程序包sun.security.util.math不存在
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[36,1] 程序包sun.security.util.math.intpoly不存在
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[51,26] 找不到符号
  符号:   类 IntegerFieldModuloP
  位置: 类 org.openjsse.com.sun.crypto.provider.Poly1305
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[58,13] 找不到符号
  符号:   类 IntegerModuloP
  位置: 类 org.openjsse.com.sun.crypto.provider.Poly1305
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[59,13] 找不到符号
  符号:   类 IntegerModuloP
  位置: 类 org.openjsse.com.sun.crypto.provider.Poly1305
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[60,13] 找不到符号
  符号:   类 MutableIntegerModuloP
  位置: 类 org.openjsse.com.sun.crypto.provider.Poly1305
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[61,19] 找不到符号
  符号:   类 MutableIntegerModuloP
  位置: 类 org.openjsse.com.sun.crypto.provider.Poly1305
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[52,17] 找不到符号
  符号:   类 IntegerPolynomial1305
  位置: 类 org.openjsse.com.sun.crypto.provider.Poly1305
[INFO] 8 errors 
[INFO] -------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  6.953 s
[INFO] Finished at: 2019-10-17T14:51:51+08:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile (default-compile) on project openjsse: Compilation failure: Compilation failure: 
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[35,1] 程序包sun.security.util.math不存在
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[36,1] 程序包sun.security.util.math.intpoly不存在
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[51,26] 找不到符号
[ERROR]   符号:   类 IntegerFieldModuloP
[ERROR]   位置: 类 org.openjsse.com.sun.crypto.provider.Poly1305
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[58,13] 找不到符号
[ERROR]   符号:   类 IntegerModuloP
[ERROR]   位置: 类 org.openjsse.com.sun.crypto.provider.Poly1305
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[59,13] 找不到符号
[ERROR]   符号:   类 IntegerModuloP
[ERROR]   位置: 类 org.openjsse.com.sun.crypto.provider.Poly1305
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[60,13] 找不到符号
[ERROR]   符号:   类 MutableIntegerModuloP
[ERROR]   位置: 类 org.openjsse.com.sun.crypto.provider.Poly1305
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[61,19] 找不到符号
[ERROR]   符号:   类 MutableIntegerModuloP
[ERROR]   位置: 类 org.openjsse.com.sun.crypto.provider.Poly1305
[ERROR] /D:/idea_workspace/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[52,17] 找不到符号
[ERROR]   符号:   类 IntegerPolynomial1305
[ERROR]   位置: 类 org.openjsse.com.sun.crypto.provider.Poly1305
[ERROR] -> [Help 1]

IntegerPolynomial1305

I have Oracle JDK 1.8.0_241 = 8u241 and I get this error trying to compile with mvn package:

[ERROR] /home/ian/openjsse/src/main/java/org/openjsse/com/sun/crypto/provider/Poly1305.java:[52,17] cannot find symbol
  symbol:   class IntegerPolynomial1305
  location: class org.openjsse.com.sun.crypto.provider.Poly1305

You say here: #12 (comment) that we need JDK 8u222 or later. But also here: #11 (comment) @zipleen mentioned getting the same error with 8u231. On the Oracle site the available versions are 221, 231, 241: 8u222 isn't available.

So what's the story? What version JDK will work with this?

Fails on early JDK 8 versions

Exception in thread "main" java.lang.NoSuchMethodError: sun.security.action.GetPropertyAction.privilegedGetProperty(Ljava/lang/String;)Ljava/lang/String;
	at org.openjsse.sun.security.ssl.SSLLogger.<clinit>(SSLLogger.java:162)
	at org.openjsse.sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:62)
	at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:250)
	at okhttp3.internal.platform.OpenJSSEPlatform.platformTrustManager(OpenJSSEPlatform.kt:45)
	at okhttp3.OkHttpClient.<init>(OkHttpClient.kt:219)
	at okhttp3.OkHttpClient$Builder.build(OkHttpClient.kt:955)
	at okhttp3.curl.Main.createClient(Main.kt:176)
	at okhttp3.curl.Main.run(Main.kt:117)
	at picocli.CommandLine.executeUserObject(CommandLine.java:1729)
	at picocli.CommandLine.access$900(CommandLine.java:145)
	at picocli.CommandLine$RunLast.handle(CommandLine.java:2101)
	at picocli.CommandLine$RunLast.handle(CommandLine.java:2068)
	at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1935)
	at picocli.CommandLine.execute(CommandLine.java:1864)
	at okhttp3.curl.Main$Companion.main(Main.kt:241)
	at okhttp3.curl.Main.main(Main.kt)

Maybe just needs minimum versions to be documented.

java -version
java version "1.8.0_65"
Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode)

Goal of OpenJSSE

OpenJSSE: A JSSE provider that supports TLS 1.3 on Java SE 8.

Since this is now backported anyway, is the goal of the project to bring latest changes from JDK 11 or the LTS?

Hybrid Implementation

Hello there,

I know I'm kind of misusing the issue the command here, but I couldn't really find another way to get in touch with the people responsible for this project. I'm currently doing my Bachelor's degree in Computer Science and as a part of that I'm trying to implement a hybrid version of TLS 1.3 in Java. However, I can't seem to get the source code running properly on my end, which is most likely my fault; I was hoping to get in touch with someone who might be able to help me out to work with the project and hopefully expand on it.

Best Regards :)

Does not work

According to https://www.azul.com/press_release/azul-systems-brings-updated-transport-layer-security-to-java-se-8/: "it has created OpenJSSE, an open source implementation of TLS 1.3 for Java SE 8, and has included it in the latest releases of its Zulu Community and Zulu Enterprise products."
... "Zulu builds of OpenJDK 8 now include the OpenJSSE TLS 1.3 JSSE provider, which can be used to enable TLS 1.3 support with no application or code changes."
... "Azul is now making it possible for Java deployments to enable TLS 1.3 support in their existing Java 8-based applications without changing a line of code,"
... "Free Zulu Community builds of OpenJDK 8 incorporating TLS 1.3 support are available for download at https://www.azul.com/downloads/zulu."

But after I downloaded the latest version of Zulu 1.8.

$ java -version
openjdk version "1.8.0_232"
OpenJDK Runtime Environment (Zulu 8.42.0.23-CA-linux64) (build 1.8.0_232-b18)
OpenJDK 64-Bit Server VM (Zulu 8.42.0.23-CA-linux64) (build 25.232-b18, mixed mode)

I updated the example a little, as follows:

    try {
        String TLS = "TLSv1.3";
        System.setProperty("https.protocols", TLS);

        URL url = new URL("https://172.30.71.159:443");
        new HttpsClient().connect(url);
    } catch (Exception e) {
        System.out.println(e);
    }
}

And I find it does not work. The output is:

Connect to https://172.30.71.159:443 using SunJSSE provider
java.lang.IllegalArgumentException: TLSv1.3

My question is: does it really work?
And is it really included in Zulu JDK 1.8?
How do I use it?

Support of PKCS#11 PSS Padding parameter in RSASSA-PSS signature Scheme TLS1.3

I upgraded my application to TLS 1.3, and in this version the RSASSA-PSS signature scheme is used, and it is known that this scheme requires a PSS parameter. Now the problem is that my TLS client auth key is held in a PKCS#11 device and the device needs its own PSS parameter.

Please give it support to add custom PSS parameters for PKCS11 provider.

Seems the tls connection reading with tls1.2 and writing with tls1.3

I'm using OpenJSSE to replace the default SSL provider in JDK 8 for Tomcat 9 and my client application (CXF). Only TLSv1.3 is specified on the client side.
But in the Tomcat log file, it seems the client sends a TLSv1.2 handshake to Tomcat, but TLSv1.3 is used after negotiation. (Data transfer between the client and Tomcat is OK.)
However, Tomcat seems to read with TLS 1.2, given the following log:
javax.net.ssl|DEBUG|91|https-jsse-nio-21230-exec-8|2020-05-22 10:43:39.504 CST|SSLEngineInputRecord.java:215|READ: TLSv1.2 handshake, length = 270
javax.net.ssl|DEBUG|8D|https-jsse-nio-21230-exec-4|2020-05-22 10:43:21.782 CST|SSLEngineInputRecord.java:215|READ: TLSv1.2 change_cipher_spec, length = 1
javax.net.ssl|DEBUG|8E|https-jsse-nio-21230-exec-5|2020-05-22 10:43:21.928 CST|SSLEngineInputRecord.java:215|READ: TLSv1.2 application_data, length = 85

and writing with tls1.3:
javax.net.ssl|DEBUG|8A|https-jsse-nio-21230-exec-1|2020-05-22 10:43:21.714 CST|SSLEngineOutputRecord.java:505|WRITE: TLS13 handshake, length = 155
javax.net.ssl|DEBUG|8B|https-jsse-nio-21230-exec-2|2020-05-22 10:43:21.717 CST|SSLEngineOutputRecord.java:505|WRITE: TLS13 change_cipher_spec, length = 1
javax.net.ssl|DEBUG|8F|https-jsse-nio-21230-exec-6|2020-05-22 10:43:22.941 CST|SSLEngineOutputRecord.java:266|WRITE: TLS13 application_data, length = 16367

following is the logs for clienthello:

javax.net.ssl|DEBUG|8A|https-jsse-nio-21230-exec-1|2020-05-22 10:43:21.437 CST|SSLEngineInputRecord.java:215|READ: TLSv1.2 handshake, length = 270
javax.net.ssl|WARNING|8A|https-jsse-nio-21230-exec-1|2020-05-22 10:43:21.455 CST|SupportedGroupsExtension.java:365|No AlgorithmParameters for x25519 (
"throwable" : {
java.security.NoSuchAlgorithmException: Algorithm x25519 not available
at javax.crypto.KeyAgreement.getInstance(KeyAgreement.java:184)
at org.openjsse.sun.security.ssl.SupportedGroupsExtension$NamedGroup.(SupportedGroupsExtension.java:354)
at org.openjsse.sun.security.ssl.SupportedGroupsExtension$NamedGroup.(SupportedGroupsExtension.java:387)
at org.openjsse.sun.security.ssl.SupportedGroupsExtension$NamedGroup.(SupportedGroupsExtension.java:272)
at org.openjsse.sun.security.ssl.SupportedGroupsExtension$SupportedGroups.(SupportedGroupsExtension.java:585)
at org.openjsse.sun.security.ssl.SupportedGroupsExtension.(SupportedGroupsExtension.java:64)
at org.openjsse.sun.security.ssl.SSLExtension.(SSLExtension.java:138)
at org.openjsse.sun.security.ssl.SSLConfiguration.getEnabledExtensions(SSLConfiguration.java:344)
at org.openjsse.sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:802)
at org.openjsse.sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at org.openjsse.sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at org.openjsse.sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1097)
at org.openjsse.sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1084)
at java.security.AccessController.doPrivileged(Native Method)
at org.openjsse.sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1031)
at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:443)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:507)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1566)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)}

)
javax.net.ssl|WARNING|8A|https-jsse-nio-21230-exec-1|2020-05-22 10:43:21.455 CST|SupportedGroupsExtension.java:365|No AlgorithmParameters for x448 (
"throwable" : {
java.security.NoSuchAlgorithmException: Algorithm x448 not available
at javax.crypto.KeyAgreement.getInstance(KeyAgreement.java:184)
at org.openjsse.sun.security.ssl.SupportedGroupsExtension$NamedGroup.(SupportedGroupsExtension.java:354)
at org.openjsse.sun.security.ssl.SupportedGroupsExtension$NamedGroup.(SupportedGroupsExtension.java:387)
at org.openjsse.sun.security.ssl.SupportedGroupsExtension$NamedGroup.(SupportedGroupsExtension.java:275)
at org.openjsse.sun.security.ssl.SupportedGroupsExtension$SupportedGroups.(SupportedGroupsExtension.java:585)
at org.openjsse.sun.security.ssl.SupportedGroupsExtension.(SupportedGroupsExtension.java:64)
at org.openjsse.sun.security.ssl.SSLExtension.(SSLExtension.java:138)
at org.openjsse.sun.security.ssl.SSLConfiguration.getEnabledExtensions(SSLConfiguration.java:344)
at org.openjsse.sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:802)
at org.openjsse.sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at org.openjsse.sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at org.openjsse.sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1097)
at org.openjsse.sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1084)
at java.security.AccessController.doPrivileged(Native Method)
at org.openjsse.sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1031)
at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:443)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:507)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1566)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)}

)
javax.net.ssl|WARNING|8A|https-jsse-nio-21230-exec-1|2020-05-22 10:43:21.501 CST|SignatureScheme.java:291|Signature algorithm, ed25519, is not supported by the underlying providers
javax.net.ssl|WARNING|8A|https-jsse-nio-21230-exec-1|2020-05-22 10:43:21.502 CST|SignatureScheme.java:291|Signature algorithm, ed448, is not supported by the underlying providers
javax.net.ssl|DEBUG|8A|https-jsse-nio-21230-exec-1|2020-05-22 10:43:21.512 CST|ClientHello.java:808|Consuming ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "EC 0D 8E 9E C8 D5 3D 93 72 58 2D F6 48 FF DB 9D 62 C5 6B 12 67 13 DB 2F F8 B9 FB FB AB 13 8D 34",
"session id" : "98 E6 44 54 F7 94 C8 DE 2D D6 FA AB 12 F3 FA 10 7A FA 91 38 8E BC 4B AA 8C C6 F8 33 C5 98 97 3E",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
"compression methods" : "00",
"extensions" : [
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id":
"request extensions": {

}
}
},
"supported_groups (10)": {
"versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
},
"supported_versions (43)": {
"versions": [TLSv1.3]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"key_share (51)": {
"client_shares": [
{
"named group": secp256r1
"key_exchange": {
0000: 04 85 C2 83 D3 B8 03 65 A3 F3 D3 FD 8A 1E 89 E9 .......e........
0010: 14 15 0D 70 74 82 3D 0F C8 18 64 19 91 62 92 AD ...pt.=...d..b..
0020: 3A DD DF 1D 23 B7 E5 A3 E1 EE 25 37 19 E4 73 AC :...#.....%7..s.
0030: 5B 0E 5A D1 A9 DE 4D 64 5A 53 CC 2D EF 48 B6 EC [.Z...MdZS.-.H..
0040: 6E
}
},
]
}
]
}
)
javax.net.ssl|DEBUG|8A|https-jsse-nio-21230-exec-1|2020-05-22 10:43:21.512 CST|SSLExtensions.java:189|Consumed extension: supported_versions
javax.net.ssl|DEBUG|8A|https-jsse-nio-21230-exec-1|2020-05-22 10:43:21.512 CST|ClientHello.java:838|Negotiated protocol version: TLSv1.3

Does this mean TLSv1.3 is working or the connection is still using TLSv1.2?

Thanks!
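
An added example, not part of the issue above or of the OpenJSSE project: a small Python triage script for javax.net.ssl debug output, which goes slightly beyond the question by also flagging the case where TLS 1.3 was offered but the peer selected a lower version. TLS 1.3 (RFC 8446) keeps 0x0303 (TLS 1.2) in the record header and in the ClientHello "client version" field, so the script reads the session version from the "Negotiated protocol version" line and the offer from the "supported_versions (43)" block. Both sample logs are constructed, abridged in the format of the logs quoted on this page, and all function names are hypothetical.

```python
import re

# javax.net.ssl debug line layout, as seen in the logs quoted on this page:
#   javax.net.ssl|LEVEL|TID|thread|timestamp|Source.java:line|message
LINE_RE = re.compile(r"^javax\.net\.ssl\|\w+\|\w+\|[^|]*\|[^|]*\|[^|]*\|(?P<msg>.*)$")
RECORD_RE = re.compile(r"^(READ|WRITE): (\S+) \w+, length = \d+")
NEGOTIATED_RE = re.compile(r"Negotiated protocol version: ((?:TLS|SSL)v[\d.]+)")
VERSIONS_RE = re.compile(r'"versions"\s*:\s*\[([^\]]*)\]')

# Constructed sample: TLS 1.3-only client, server side of the handshake.
SAMPLE_TLS13 = """\
javax.net.ssl|DEBUG|8A|exec-1|2020-05-22 10:43:21.437 CST|SSLEngineInputRecord.java:215|READ: TLSv1.2 handshake, length = 270
javax.net.ssl|DEBUG|8A|exec-1|2020-05-22 10:43:21.512 CST|ClientHello.java:808|Consuming ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"supported_groups (10)": {
"versions": [secp256r1, secp384r1]
},
"supported_versions (43)": {
"versions": [TLSv1.3]
},
}
)
javax.net.ssl|DEBUG|8A|exec-1|2020-05-22 10:43:21.512 CST|ClientHello.java:838|Negotiated protocol version: TLSv1.3
javax.net.ssl|DEBUG|8A|exec-1|2020-05-22 10:43:21.714 CST|SSLEngineOutputRecord.java:505|WRITE: TLS13 handshake, length = 155
"""

# Constructed sample: client offers TLS 1.3, peer without TLS 1.3 answers.
SAMPLE_TLS12 = """\
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:39.733 EDT|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
    },
}
)
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.106 EDT|ServerHello.java:967|Negotiated protocol version: TLSv1.2
"""


def summarize(log_text):
    """Collect record-layer labels, offered versions and negotiated versions."""
    result = {"negotiated": [], "offered": [],
              "read_labels": set(), "write_labels": set()}
    in_supported_versions = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = LINE_RE.match(line)
        if header:
            in_supported_versions = False
            msg = header.group("msg")
            rec = RECORD_RE.match(msg)
            if rec:
                key = "read_labels" if rec.group(1) == "READ" else "write_labels"
                result[key].add(rec.group(2))
            neg = NEGOTIATED_RE.search(msg)
            if neg:
                result["negotiated"].append(neg.group(1))
            continue
        # Continuation line of a multi-line message (the ClientHello dump).
        # supported_groups also uses a "versions" key in these dumps, so only
        # the line directly under "supported_versions (43)" is accepted.
        if '"supported_versions (43)"' in line:
            in_supported_versions = True
            continue
        if in_supported_versions:
            found = VERSIONS_RE.search(line)
            if found:
                result["offered"] = [v.strip() for v in found.group(1).split(",") if v.strip()]
            in_supported_versions = False
    return result


def session_version(summary):
    """Version of the session: the last negotiated value, or None if absent."""
    return summary["negotiated"][-1] if summary["negotiated"] else None


def peer_selected_lower(summary):
    """True when TLS 1.3 was offered but a different version was negotiated."""
    version = session_version(summary)
    return version is not None and version != "TLSv1.3" and "TLSv1.3" in summary["offered"]


if __name__ == "__main__":
    for name, text in (("tls13", SAMPLE_TLS13), ("tls12", SAMPLE_TLS12)):
        s = summarize(text)
        print(name, session_version(s), sorted(s["read_labels"]),
              sorted(s["write_labels"]), peer_selected_lower(s))
```
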

Can openjsse work with IBM JDK8?

I tried openjsse on IBM JDK8. It looks like openjsse is built on openjdk natively with the sun package. It doesn't work on IBM jdk8. Has anyone tried this?

Support to work with GRPC netty

Hi,

We are facing a ClassCastException issue while using grpc netty handlers along with OpenJSSE.

Raised a bug against GRPC java as given below
grpc/grpc-java#7907

Comments from @ejona86,
It looks like a bug/restriction in OpenJSSE. OpenJSSE assumes that engine is its own. That's inappropriate. If it will be doing that, then it is knowingly restricting its usage and it will cause incompatibilities.

Thanks, Bapi

Openjsse 1.1.14 fails with Zulu 8.44.0.11-CA-win64 (build 1.8.0_242-b20)

I upgraded OpenJSSE from 1.1.12 to 1.1.14, and Tomcat fails with the stack trace below:

Jan 29, 2021 4:17:42 PM org.apache.tomcat.util.net.NioEndpoint$SocketProcessor doRun
INFO | jvm 1 | 2021/01/29 16:17:42 | SEVERE: Error running socket processor
INFO | jvm 1 | 2021/01/29 16:17:42 | java.lang.NoSuchMethodError: org.openjsse.javax.net.ssl.SSLParameters.setApplicationProtocols([Ljava/lang/String;)V
INFO | jvm 1 | 2021/01/29 16:17:42 | at org.openjsse.sun.security.ssl.SSLConfiguration.getSSLParameters(SSLConfiguration.java:220)
INFO | jvm 1 | 2021/01/29 16:17:42 | at org.openjsse.sun.security.ssl.SSLEngineImpl.getSSLParameters(SSLEngineImpl.java:901)
INFO | jvm 1 | 2021/01/29 16:17:42 | at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLEngine(AbstractJsseEndpoint.java:124)
INFO | jvm 1 | 2021/01/29 16:17:42 | at org.apache.tomcat.util.net.SecureNioChannel.processSNI(SecureNioChannel.java:329)
INFO | jvm 1 | 2021/01/29 16:17:42 | at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:175)
INFO | jvm 1 | 2021/01/29 16:17:42 | at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1568)
INFO | jvm 1 | 2021/01/29 16:17:42 | at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
INFO | jvm 1 | 2021/01/29 16:17:42 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
INFO | jvm 1 | 2021/01/29 16:17:42 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
INFO | jvm 1 | 2021/01/29 16:17:42 | at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
INFO | jvm 1 | 2021/01/29 16:17:42 | at java.lang.Thread.run(Thread.java:748)

Preferred way to activate OpenJSSE

Your example assumes that OpenJSSE is already installed as the priority provider for SSL etc. It seems on your own VMs, you'll have a command line option to enable (-XX:+UseOpenJSSE) or maybe make it the default.

But what's the advice for OpenJDK users?

  1. edit the java.security config file?
  2. Register with Security.insertProviderAt
  3. Direct usage of org.openjsse.sun.security.ssl.SSLSocketFactoryImpl

3 seems the most likely because you may need to configure ALPN etc.

Dual licensed in pom.xml

Lines


        <license>
            <name>BSD-2-Clause</name>
            <url>https://opensource.org/licenses/BSD-2-Clause</url>
        </license>

in pom.xml seem to be inconsistent with other places mentioning the license (README, LICENSE). Is it a bug in pom.xml?

Unrecognized VM option 'UseOpenJSSE'

After upgrading from java version 332 to 372 I get the following message from JVM:

Unrecognized VM option 'UseOpenJSSE'
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.

Is this a known issue?

TlsMasterSecretGenerator Error

When trying to use openjsse to connect to a server running JRE 8 w/o openjsse, we fail with a TLSMasterSecretGenerator issue. Attached is the info dumped when I enable ssl:handshake debug. Connecting to a server that supports openjsse seems to work fine.


C:\niagara\r49\niagara_dev_home>wb -@Xbootclasspath/a:c:/niagara/r49/niagara_home/bin/openjsse-1.1.1-SNAPSHOT.jar [email protected]=ssl:handshake
*******************************************************
**** DEVELOPER BUILD FOR INTERNAL TRIDIUM USE ONLY ****
*******************************************************
INFO [nre] Launching Niagara Runtime Environment
INFO [15:26:19 23-Sep-19 EDT][nre] Booting
INFO [15:26:19 23-Sep-19 EDT][sys] Logging initialized
WARNING [15:26:19 23-Sep-19 EDT][sys] **** DEVELOPER BUILD FOR INTERNAL TRIDIUM USE ONLY ****
INFO [15:26:22 23-Sep-19 EDT][sys.registry] Up-to-date [366ms]
INFO [15:26:22 23-Sep-19 EDT][sys.registry] Loaded [47ms]
WARNING [15:26:24 23-Sep-19 EDT][sys] Security Manager developer mode enabled. It is recommended to switch off this mode as soon as possible.
FINE [15:26:24 23-Sep-19 EDT][crypto] loading C:\niagara\r49\niagara_home\security\signing\signers
FINE [15:26:24 23-Sep-19 EDT][crypto] C:\niagara\r49\niagara_home\security\signing\signers loaded (62ms)
FINEST [15:26:25 23-Sep-19 EDT][crypto] WbCryptoFactory started
INFO [15:26:25 23-Sep-19 EDT][sys] Niagara runtime booted ("C:\niagara\r49\niagara_home") on Win-3747-FAAB-81E1-072F (7755ms)
INFO [15:26:26 23-Sep-19 EDT][wb.service] Started service library:WbLibraryService
INFO [15:26:30 23-Sep-19 EDT][com.tridium.workbench.shell] startup complete (11264ms)
javax.net.ssl|WARNING|13|AWT-EventQueue-0|2019-09-23 15:26:39.684 EDT|ServerNameExtension.java:256|Unable to indicate server name
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:39.685 EDT|SSLExtensions.java:257|Ignore, context unavailable extension: server_name
javax.net.ssl|INFO|13|AWT-EventQueue-0|2019-09-23 15:26:39.699 EDT|AlpnExtension.java:161|No available application protocols
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:39.700 EDT|SSLExtensions.java:257|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:39.701 EDT|SSLExtensions.java:257|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:39.729 EDT|SSLExtensions.java:257|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:39.729 EDT|PreSharedKeyExtension.java:660|No session to resume.
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:39.729 EDT|SSLExtensions.java:257|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:39.733 EDT|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "AC E7 53 2C 8E A0 40 78 7C F9 A9 1F 05 B5 BC 0D 9E EF 04 47 76 E8 89 F7 35 1B B5 72 36 C7 ED C7",
  "session id"          : "60 3D 69 FD 3E EE ED 58 4A 4D DB BD F0 CC 82 85 43 4A 4E AA 54 3E 0B 55 3C D3 FA 9D B1 8E FC 6D",
  "cipher suites"       : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
  "compression methods" : "00",
  "extensions"          : [
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ed25519, ed448, ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ed25519, ed448, ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "status_request_v2 (17)": {
      "cert status request": {
        "certificate status type": ocsp_multi
        "OCSP status request": {
          "responder_id": <empty>
          "request extensions": {
            <empty>
          }
        }
      }
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [
        {
          "named group": secp256r1
          "key_exchange": {
            0000: 04 5A FD 19 50 C7 13 EE   43 25 B5 F3 44 66 3E EF  .Z..P...C%..Df>.
            0010: 85 6F 37 E5 40 AF F1 6A   ED 6A 41 DD BC AB BF 0C  .o7.@..j.jA.....
            0020: 03 A7 4F F2 F9 42 63 67   C0 F3 B5 64 8C 50 AC 84  ..O..Bcg...d.P..
            0030: 27 98 BB 09 DE 63 6C CB   D4 9C FD 1E 88 A6 7D 00  '....cl.........
            0040: 4B
          }
        },
      ]
    }
  ]
}
)
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.103 EDT|ServerHello.java:871|Consuming ServerHello handshake message (
"ServerHello": {
  "server version"      : "TLSv1.2",
  "random"              : "5D 89 1C 81 13 FF F9 DB FB 7A 01 C4 A1 0C 56 FC BD 50 A3 32 39 01 0C 71 80 F5 7C 73 B1 0B 24 7D",
  "session id"          : "5D 89 1C 81 32 24 B9 26 F9 DD 6D 95 04 55 83 D7 FD 46 BA 20 E2 4E 9A 39 06 7B AE 8B BE B7 05 5C",
  "cipher suite"        : "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030)",
  "compression methods" : "00",
  "extensions"          : [
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    },
    "extended_master_secret (23)": {
      <empty>
    }
  ]
}
)
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.105 EDT|SSLExtensions.java:170|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.106 EDT|ServerHello.java:967|Negotiated protocol version: TLSv1.2
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.107 EDT|SSLExtensions.java:189|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.107 EDT|SSLExtensions.java:170|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.107 EDT|SSLExtensions.java:170|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.108 EDT|SSLExtensions.java:170|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.108 EDT|SSLExtensions.java:170|Ignore unavailable extension: ec_point_formats
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.108 EDT|SSLExtensions.java:170|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.109 EDT|SSLExtensions.java:189|Consumed extension: extended_master_secret
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.109 EDT|SSLExtensions.java:160|Ignore unsupported extension: supported_versions
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.109 EDT|SSLExtensions.java:160|Ignore unsupported extension: key_share
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.109 EDT|SSLExtensions.java:189|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.110 EDT|SSLExtensions.java:160|Ignore unsupported extension: pre_shared_key
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.110 EDT|SSLExtensions.java:204|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.110 EDT|SSLExtensions.java:204|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.111 EDT|SSLExtensions.java:204|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.111 EDT|SSLExtensions.java:204|Ignore unavailable extension: ec_point_formats
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.112 EDT|SSLExtensions.java:204|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.112 EDT|SSLExtensions.java:204|Ignore unavailable extension: status_request_v2
javax.net.ssl|WARNING|13|AWT-EventQueue-0|2019-09-23 15:26:42.112 EDT|SSLExtensions.java:212|Ignore impact of unsupported extension: extended_master_secret
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.112 EDT|SSLExtensions.java:204|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.113 EDT|SSLExtensions.java:204|Ignore unavailable extension: key_share
javax.net.ssl|WARNING|13|AWT-EventQueue-0|2019-09-23 15:26:42.113 EDT|SSLExtensions.java:212|Ignore impact of unsupported extension: renegotiation_info
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.114 EDT|SSLExtensions.java:204|Ignore unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.122 EDT|CertificateMessage.java:357|Consuming server Certificate handshake message (
"Certificates": [
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "46 E4 05 80 DB 42 75 21 0E 6B A5 B5",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "C=us, O=tridium, OU=lab, CN=va51tr2ca",
    "not before"         : "2019-07-19 22:09:34.000 EDT",
    "not  after"         : "2021-07-18 22:09:34.000 EDT",
    "subject"            : "CN=va51tr2, OU=lab, O=tridium, C=us",
    "subject public key" : "RSA",
    "extensions"         : [
      {
        ObjectId: 2.5.29.35 Criticality=false
        AuthorityKeyIdentifier [
        KeyIdentifier [
        0000: 9F 4D DD 0A 80 98 85 6F   55 73 70 AD 11 C4 5D ED  .M.....oUsp...].
        0010: 6B 34 A4 56                                        k4.V
        ]
        [C=us, O=tridium, OU=lab, CN=va51tr2ca]
        SerialNumber: [    46e40580 fa36b760 23a3949e]
        ]
      },
      {
        ObjectId: 2.5.29.37 Criticality=false
        ExtendedKeyUsages [
          serverAuth
          clientAuth
        ]
      },
      {
        ObjectId: 2.5.29.18 Criticality=false
        IssuerAlternativeName [
          Other-Name: Unrecognized ObjectIdentifier: 1.3.6.1.4.1.4131.2
        ]
      },
      {
        ObjectId: 2.5.29.15 Criticality=true
        KeyUsage [
          DigitalSignature
          Key_Encipherment
        ]
      },
      {
        ObjectId: 2.5.29.17 Criticality=false
        SubjectAlternativeName [
          DNSName: va51tr2
          IPAddress: 172.31.64.122
          RFC822Name: [email protected]
        ]
      },
      {
        ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: DB B3 D6 38 B9 90 8C DE   D7 A4 B1 63 08 35 6C 92  ...8.......c.5l.
        0010: A4 58 AA F0                                        .X..
        ]
        ]
      }
    ]},
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "46 E4 05 80 FA 36 B7 60 23 A3 94 9E",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "C=us, O=tridium, OU=lab, CN=va51tr2ca",
    "not before"         : "2019-07-19 22:07:18.000 EDT",
    "not  after"         : "2023-07-18 22:07:00.000 EDT",
    "subject"            : "C=us, O=tridium, OU=lab, CN=va51tr2ca",
    "subject public key" : "RSA",
    "extensions"         : [
      {
        ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
          CA:true
          PathLen:2147483647
        ]
      },
      {
        ObjectId: 2.5.29.18 Criticality=false
        IssuerAlternativeName [
          Other-Name: Unrecognized ObjectIdentifier: 1.3.6.1.4.1.4131.2
        ]
      },
      {
        ObjectId: 2.5.29.15 Criticality=true
        KeyUsage [
          Key_CertSign
          Crl_Sign
        ]
      },
      {
        ObjectId: 2.5.29.17 Criticality=false
        SubjectAlternativeName [
          RFC822Name: [email protected]
        ]
      },
      {
        ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: 9F 4D DD 0A 80 98 85 6F   55 73 70 AD 11 C4 5D ED  .M.....oUsp...].
        0010: 6B 34 A4 56                                        k4.V
        ]
        ]
      }
    ]}
]
)
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.185 EDT|ECDHServerKeyExchange.java:534|Consuming ECDH ServerKeyExchange handshake message (
"ECDH ServerKeyExchange": {
  "parameters": {
    "named group": "secp256r1"
    "ecdh public": {
      0000: 04 28 D7 FB 63 3A C6 7E   C5 FC 82 C7 FC F4 47 FC  .(..c:........G.
      0010: BC FE 52 F5 7E F5 D2 A8   F1 AE 9F E1 93 7A 58 E7  ..R..........zX.
      0020: 2A 55 A8 F5 64 4E 4F DF   D2 90 E0 7D A4 34 97 5E  *U..dNO......4.^
      0030: F1 87 65 8D 69 C2 BC DE   DD 99 EB CD CA D8 AF EC  ..e.i...........
      0040: A2                                                 .
    },
  },
  "digital signature":  {
    "signature algorithm": "rsa_pkcs1_sha256"
    "signature": {
      0000: 73 9C B5 55 59 F3 1B BD   4D F3 B3 C8 0E ED 13 04  s..UY...M.......
      0010: A2 BE EA 0E EF 1A 63 73   3C CF 90 21 6E 6F 2A 42  ......cs<..!no*B
      0020: 2F 86 39 61 FE 01 AE EC   6D D3 8D F3 BF 76 84 E3  /.9a....m....v..
      0030: 90 3D 72 24 36 19 36 B1   C7 AF 36 C7 72 A3 02 61  .=r$6.6...6.r..a
      0040: A0 9A 65 B1 CD DC 8C 19   A9 CC 28 E4 10 19 CC D4  ..e.......(.....
      0050: EB 9C DD A7 CC BB C2 65   F0 1A F6 79 7D 4B 10 56  .......e...y.K.V
      0060: AB CA E1 78 03 E6 62 70   2E 67 7B A7 42 9F 43 08  ...x..bp.g..B.C.
      0070: A5 79 48 57 80 EF A9 9F   AF 43 D7 FA 8D 5F 8F 38  .yHW.....C..._.8
      0080: D4 0B 13 38 5E 73 5A 37   0A C2 E0 6F CA C7 43 D7  ...8^sZ7...o..C.
      0090: B3 B0 E7 A6 E9 5C 34 2F   C7 C1 91 59 0A 07 20 49  .....\4/...Y.. I
      00A0: C5 55 96 E7 ED C5 EB AC   4C 5E D1 92 53 56 08 38  .U......L^..SV.8
      00B0: 4F 54 01 A0 56 1B 47 6A   E1 CE 90 46 D5 58 F8 45  OT..V.Gj...F.X.E
      00C0: 84 1E 50 5A 24 43 22 CF   4C 46 6D 21 C2 61 60 E8  ..PZ$C".LFm!.a`.
      00D0: E5 11 59 0C 8E 4B 7E A9   20 89 00 95 5B 24 59 EC  ..Y..K.. ...[$Y.
      00E0: 56 82 65 C0 EF 55 CD 8B   73 64 F6 28 AE D5 AE A2  V.e..U..sd.(....
      00F0: D1 73 7C 43 1E FE CB B5   43 D3 61 A0 DE 2F 57 E4  .s.C....C.a../W.
    },
  }
}
)
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.192 EDT|ServerHelloDone.java:151|Consuming ServerHelloDone handshake message (
<empty>
)
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.199 EDT|ECDHClientKeyExchange.java:399|Produced ECDHE ClientKeyExchange handshake message (
"ECDH ClientKeyExchange": {
  "ecdh public": {
    0000: 04 C6 E6 92 B4 8A 96 90   58 99 BA 9A 31 4E E8 2E  ........X...1N..
    0010: 43 61 68 69 72 08 3A 59   95 CC 82 72 C6 E5 2D 2A  Cahir.:Y...r..-*
    0020: 06 E9 EE 2E 76 45 50 BC   96 C7 62 F8 84 E8 80 59  ....vEP...b....Y
    0030: E5 1B E7 72 99 D4 63 FE   16 E7 B5 CC 76 6B 96 89  ...r..c.....vk..
    0040: FD                                                 .
  },
}
)
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.213 EDT|SSLMasterKeyDerivation.java:158|RSA master secret generation error. (
"throwable" : {
  java.security.InvalidAlgorithmParameterException: TlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec
        at com.sun.crypto.provider.TlsMasterSecretGenerator.engineInit(TlsMasterSecretGenerator.java:63)
        at javax.crypto.KeyGenerator.init(KeyGenerator.java:454)
        at javax.crypto.KeyGenerator.init(KeyGenerator.java:430)
        at org.openjsse.sun.security.ssl.SSLMasterKeyDerivation$LegacyMasterKeyDerivation.deriveKey(SSLMasterKeyDerivation.java:149)
        at org.openjsse.sun.security.ssl.ECDHKeyExchange$ECDHEKAKeyDerivation.t12DeriveKey(ECDHKeyExchange.java:444)
        at org.openjsse.sun.security.ssl.ECDHKeyExchange$ECDHEKAKeyDerivation.deriveKey(ECDHKeyExchange.java:418)
        at org.openjsse.sun.security.ssl.ECDHClientKeyExchange$ECDHEClientKeyExchangeProducer.produce(ECDHClientKeyExchange.java:418)
        at org.openjsse.sun.security.ssl.ClientKeyExchange$ClientKeyExchangeProducer.produce(ClientKeyExchange.java:65)
        at org.openjsse.sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436)
        at org.openjsse.sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182)
        at org.openjsse.sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
        at org.openjsse.sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
        at org.openjsse.sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
        at org.openjsse.sun.security.ssl.TransportContext.dispatch(TransportContext.java:203)
        at org.openjsse.sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1178)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1089)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:428)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:742)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:357)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.performHandshake(CryptoCoreClientSocketFactory.java:477)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.performHandshake(CryptoCoreClientSocketFactory.java:460)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.initSocket(CryptoCoreClientSocketFactory.java:412)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.initSocket(CryptoCoreClientSocketFactory.java:378)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.createSocket(CryptoCoreClientSocketFactory.java:114)
        at javax.baja.naming.BIpHost.openSocket(BIpHost.java:181)
        at com.tridium.fox.sys.BFoxClientConnection$ConnectPrivilegedAction.run(BFoxClientConnection.java:704)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.tridium.fox.sys.BFoxClientConnection.connect(BFoxClientConnection.java:604)
        at com.tridium.fox.sys.BFoxSession.connect(BFoxSession.java:310)
        at com.tridium.fox.sys.BFoxSession.connect(BFoxSession.java:370)
        at com.tridium.fox.sys.BFoxsScheme.resolve(BFoxsScheme.java:87)
        at javax.baja.naming.BOrd.resolve(BOrd.java:274)
        at com.tridium.workbench.shell.BNiagaraWbShell.resolve(BNiagaraWbShell.java:636)
        at com.tridium.workbench.shell.NHyperlinkInfo.resolve(NHyperlinkInfo.java:279)
        at com.tridium.workbench.shell.NHyperlinkInfo.hyperlink(NHyperlinkInfo.java:131)
        at com.tridium.workbench.shell.BNiagaraWbShell.doHyperlink(BNiagaraWbShell.java:512)
        at com.tridium.workbench.shell.BNiagaraWbShell.hyperlink(BNiagaraWbShell.java:470)
        at com.tridium.workbench.auth.AuthUtil.connect(AuthUtil.java:300)
        at com.tridium.workbench.auth.BCnxHandler$CnxCommand.doInvoke(BCnxHandler.java:436)
        at javax.baja.ui.Command.doInvoke(Command.java:311)
        at javax.baja.ui.Command.invoke(Command.java:281)
        at javax.baja.ui.BActionMenuItem.doInvokeAction(BActionMenuItem.java:156)
        at javax.baja.ui.BActionMenuItem.doClick(BActionMenuItem.java:169)
        at javax.baja.ui.BMenuItem.mouseReleased(BMenuItem.java:470)
        at javax.baja.ui.BWidget.fireMouseEvent(BWidget.java:1228)
        at com.tridium.ui.awt.MouseManager.fire(MouseManager.java:325)
        at com.tridium.ui.awt.MouseManager.fire(MouseManager.java:299)
        at com.tridium.ui.awt.MouseManager.released(MouseManager.java:131)
        at com.tridium.ui.awt.MouseManager.process(MouseManager.java:104)
        at com.tridium.ui.awt.AwtShellManager.processMouseEvent(AwtShellManager.java:509)
        at java.awt.Component.processEvent(Component.java:6304)
        at java.awt.Container.processEvent(Container.java:2239)
        at java.awt.Component.dispatchEventImpl(Component.java:4889)
        at java.awt.Container.dispatchEventImpl(Container.java:2297)
        at java.awt.Component.dispatchEvent(Component.java:4711)
        at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:760)
        at java.awt.EventQueue.access$500(EventQueue.java:97)
        at java.awt.EventQueue$3.run(EventQueue.java:709)
        at java.awt.EventQueue$3.run(EventQueue.java:703)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:84)
        at java.awt.EventQueue$4.run(EventQueue.java:733)
        at java.awt.EventQueue$4.run(EventQueue.java:731)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:730)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)}

)
javax.net.ssl|WARNING|13|AWT-EventQueue-0|2019-09-23 15:26:42.255 EDT|SSLSocketImpl.java:1315|handling exception (
"throwable" : {
  java.security.ProviderException: java.security.InvalidAlgorithmParameterException: TlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec
        at org.openjsse.sun.security.ssl.SSLMasterKeyDerivation$LegacyMasterKeyDerivation.deriveKey(SSLMasterKeyDerivation.java:160)
        at org.openjsse.sun.security.ssl.ECDHKeyExchange$ECDHEKAKeyDerivation.t12DeriveKey(ECDHKeyExchange.java:444)
        at org.openjsse.sun.security.ssl.ECDHKeyExchange$ECDHEKAKeyDerivation.deriveKey(ECDHKeyExchange.java:418)
        at org.openjsse.sun.security.ssl.ECDHClientKeyExchange$ECDHEClientKeyExchangeProducer.produce(ECDHClientKeyExchange.java:418)
        at org.openjsse.sun.security.ssl.ClientKeyExchange$ClientKeyExchangeProducer.produce(ClientKeyExchange.java:65)
        at org.openjsse.sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436)
        at org.openjsse.sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182)
        at org.openjsse.sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
        at org.openjsse.sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
        at org.openjsse.sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
        at org.openjsse.sun.security.ssl.TransportContext.dispatch(TransportContext.java:203)
        at org.openjsse.sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1178)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1089)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:428)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:742)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:357)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.performHandshake(CryptoCoreClientSocketFactory.java:477)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.performHandshake(CryptoCoreClientSocketFactory.java:460)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.initSocket(CryptoCoreClientSocketFactory.java:412)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.initSocket(CryptoCoreClientSocketFactory.java:378)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.createSocket(CryptoCoreClientSocketFactory.java:114)
        at javax.baja.naming.BIpHost.openSocket(BIpHost.java:181)
        at com.tridium.fox.sys.BFoxClientConnection$ConnectPrivilegedAction.run(BFoxClientConnection.java:704)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.tridium.fox.sys.BFoxClientConnection.connect(BFoxClientConnection.java:604)
        at com.tridium.fox.sys.BFoxSession.connect(BFoxSession.java:310)
        at com.tridium.fox.sys.BFoxSession.connect(BFoxSession.java:370)
        at com.tridium.fox.sys.BFoxsScheme.resolve(BFoxsScheme.java:87)
        at javax.baja.naming.BOrd.resolve(BOrd.java:274)
        at com.tridium.workbench.shell.BNiagaraWbShell.resolve(BNiagaraWbShell.java:636)
        at com.tridium.workbench.shell.NHyperlinkInfo.resolve(NHyperlinkInfo.java:279)
        at com.tridium.workbench.shell.NHyperlinkInfo.hyperlink(NHyperlinkInfo.java:131)
        at com.tridium.workbench.shell.BNiagaraWbShell.doHyperlink(BNiagaraWbShell.java:512)
        at com.tridium.workbench.shell.BNiagaraWbShell.hyperlink(BNiagaraWbShell.java:470)
        at com.tridium.workbench.auth.AuthUtil.connect(AuthUtil.java:300)
        at com.tridium.workbench.auth.BCnxHandler$CnxCommand.doInvoke(BCnxHandler.java:436)
        at javax.baja.ui.Command.doInvoke(Command.java:311)
        at javax.baja.ui.Command.invoke(Command.java:281)
        at javax.baja.ui.BActionMenuItem.doInvokeAction(BActionMenuItem.java:156)
        at javax.baja.ui.BActionMenuItem.doClick(BActionMenuItem.java:169)
        at javax.baja.ui.BMenuItem.mouseReleased(BMenuItem.java:470)
        at javax.baja.ui.BWidget.fireMouseEvent(BWidget.java:1228)
        at com.tridium.ui.awt.MouseManager.fire(MouseManager.java:325)
        at com.tridium.ui.awt.MouseManager.fire(MouseManager.java:299)
        at com.tridium.ui.awt.MouseManager.released(MouseManager.java:131)
        at com.tridium.ui.awt.MouseManager.process(MouseManager.java:104)
        at com.tridium.ui.awt.AwtShellManager.processMouseEvent(AwtShellManager.java:509)
        at java.awt.Component.processEvent(Component.java:6304)
        at java.awt.Container.processEvent(Container.java:2239)
        at java.awt.Component.dispatchEventImpl(Component.java:4889)
        at java.awt.Container.dispatchEventImpl(Container.java:2297)
        at java.awt.Component.dispatchEvent(Component.java:4711)
        at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:760)
        at java.awt.EventQueue.access$500(EventQueue.java:97)
        at java.awt.EventQueue$3.run(EventQueue.java:709)
        at java.awt.EventQueue$3.run(EventQueue.java:703)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:84)
        at java.awt.EventQueue$4.run(EventQueue.java:733)
        at java.awt.EventQueue$4.run(EventQueue.java:731)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:730)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
  Caused by: java.security.InvalidAlgorithmParameterException: TlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec
        at com.sun.crypto.provider.TlsMasterSecretGenerator.engineInit(TlsMasterSecretGenerator.java:63)
        at javax.crypto.KeyGenerator.init(KeyGenerator.java:454)
        at javax.crypto.KeyGenerator.init(KeyGenerator.java:430)
        at org.openjsse.sun.security.ssl.SSLMasterKeyDerivation$LegacyMasterKeyDerivation.deriveKey(SSLMasterKeyDerivation.java:149)
        ... 70 more}

)
javax.net.ssl|ERROR|13|AWT-EventQueue-0|2019-09-23 15:26:42.273 EDT|TransportContext.java:338|Fatal (INTERNAL_ERROR): java.security.InvalidAlgorithmParameterException: TlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec (
"throwable" : {
  java.security.ProviderException: java.security.InvalidAlgorithmParameterException: TlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec
        at org.openjsse.sun.security.ssl.SSLMasterKeyDerivation$LegacyMasterKeyDerivation.deriveKey(SSLMasterKeyDerivation.java:160)
        at org.openjsse.sun.security.ssl.ECDHKeyExchange$ECDHEKAKeyDerivation.t12DeriveKey(ECDHKeyExchange.java:444)
        at org.openjsse.sun.security.ssl.ECDHKeyExchange$ECDHEKAKeyDerivation.deriveKey(ECDHKeyExchange.java:418)
        at org.openjsse.sun.security.ssl.ECDHClientKeyExchange$ECDHEClientKeyExchangeProducer.produce(ECDHClientKeyExchange.java:418)
        at org.openjsse.sun.security.ssl.ClientKeyExchange$ClientKeyExchangeProducer.produce(ClientKeyExchange.java:65)
        at org.openjsse.sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436)
        at org.openjsse.sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182)
        at org.openjsse.sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
        at org.openjsse.sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
        at org.openjsse.sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
        at org.openjsse.sun.security.ssl.TransportContext.dispatch(TransportContext.java:203)
        at org.openjsse.sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1178)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1089)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:428)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:742)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:357)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.performHandshake(CryptoCoreClientSocketFactory.java:477)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.performHandshake(CryptoCoreClientSocketFactory.java:460)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.initSocket(CryptoCoreClientSocketFactory.java:412)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.initSocket(CryptoCoreClientSocketFactory.java:378)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.createSocket(CryptoCoreClientSocketFactory.java:114)
        at javax.baja.naming.BIpHost.openSocket(BIpHost.java:181)
        at com.tridium.fox.sys.BFoxClientConnection$ConnectPrivilegedAction.run(BFoxClientConnection.java:704)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.tridium.fox.sys.BFoxClientConnection.connect(BFoxClientConnection.java:604)
        at com.tridium.fox.sys.BFoxSession.connect(BFoxSession.java:310)
        at com.tridium.fox.sys.BFoxSession.connect(BFoxSession.java:370)
        at com.tridium.fox.sys.BFoxsScheme.resolve(BFoxsScheme.java:87)
        at javax.baja.naming.BOrd.resolve(BOrd.java:274)
        at com.tridium.workbench.shell.BNiagaraWbShell.resolve(BNiagaraWbShell.java:636)
        at com.tridium.workbench.shell.NHyperlinkInfo.resolve(NHyperlinkInfo.java:279)
        at com.tridium.workbench.shell.NHyperlinkInfo.hyperlink(NHyperlinkInfo.java:131)
        at com.tridium.workbench.shell.BNiagaraWbShell.doHyperlink(BNiagaraWbShell.java:512)
        at com.tridium.workbench.shell.BNiagaraWbShell.hyperlink(BNiagaraWbShell.java:470)
        at com.tridium.workbench.auth.AuthUtil.connect(AuthUtil.java:300)
        at com.tridium.workbench.auth.BCnxHandler$CnxCommand.doInvoke(BCnxHandler.java:436)
        at javax.baja.ui.Command.doInvoke(Command.java:311)
        at javax.baja.ui.Command.invoke(Command.java:281)
        at javax.baja.ui.BActionMenuItem.doInvokeAction(BActionMenuItem.java:156)
        at javax.baja.ui.BActionMenuItem.doClick(BActionMenuItem.java:169)
        at javax.baja.ui.BMenuItem.mouseReleased(BMenuItem.java:470)
        at javax.baja.ui.BWidget.fireMouseEvent(BWidget.java:1228)
        at com.tridium.ui.awt.MouseManager.fire(MouseManager.java:325)
        at com.tridium.ui.awt.MouseManager.fire(MouseManager.java:299)
        at com.tridium.ui.awt.MouseManager.released(MouseManager.java:131)
        at com.tridium.ui.awt.MouseManager.process(MouseManager.java:104)
        at com.tridium.ui.awt.AwtShellManager.processMouseEvent(AwtShellManager.java:509)
        at java.awt.Component.processEvent(Component.java:6304)
        at java.awt.Container.processEvent(Container.java:2239)
        at java.awt.Component.dispatchEventImpl(Component.java:4889)
        at java.awt.Container.dispatchEventImpl(Container.java:2297)
        at java.awt.Component.dispatchEvent(Component.java:4711)
        at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:760)
        at java.awt.EventQueue.access$500(EventQueue.java:97)
        at java.awt.EventQueue$3.run(EventQueue.java:709)
        at java.awt.EventQueue$3.run(EventQueue.java:703)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:84)
        at java.awt.EventQueue$4.run(EventQueue.java:733)
        at java.awt.EventQueue$4.run(EventQueue.java:731)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:730)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
  Caused by: java.security.InvalidAlgorithmParameterException: TlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec
        at com.sun.crypto.provider.TlsMasterSecretGenerator.engineInit(TlsMasterSecretGenerator.java:63)
        at javax.crypto.KeyGenerator.init(KeyGenerator.java:454)
        at javax.crypto.KeyGenerator.init(KeyGenerator.java:430)
        at org.openjsse.sun.security.ssl.SSLMasterKeyDerivation$LegacyMasterKeyDerivation.deriveKey(SSLMasterKeyDerivation.java:149)
        ... 70 more}

)
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.289 EDT|SSLSocketImpl.java:1388|close the underlying socket
javax.net.ssl|DEBUG|13|AWT-EventQueue-0|2019-09-23 15:26:42.289 EDT|SSLSocketImpl.java:1407|close the SSL connection (initiative)
javax.net.ssl|ERROR|13|AWT-EventQueue-0|2019-09-23 15:26:42.291 EDT|SSLSocketImpl.java:360|handshake failed (
"throwable" : {
  javax.net.ssl.SSLException: java.security.InvalidAlgorithmParameterException: TlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec
        at org.openjsse.sun.security.ssl.Alert.createSSLException(Alert.java:133)
        at org.openjsse.sun.security.ssl.TransportContext.fatal(TransportContext.java:346)
        at org.openjsse.sun.security.ssl.TransportContext.fatal(TransportContext.java:289)
        at org.openjsse.sun.security.ssl.TransportContext.fatal(TransportContext.java:284)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1341)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:434)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:742)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:357)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.performHandshake(CryptoCoreClientSocketFactory.java:477)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.performHandshake(CryptoCoreClientSocketFactory.java:460)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.initSocket(CryptoCoreClientSocketFactory.java:412)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.initSocket(CryptoCoreClientSocketFactory.java:378)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.createSocket(CryptoCoreClientSocketFactory.java:114)
        at javax.baja.naming.BIpHost.openSocket(BIpHost.java:181)
        at com.tridium.fox.sys.BFoxClientConnection$ConnectPrivilegedAction.run(BFoxClientConnection.java:704)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.tridium.fox.sys.BFoxClientConnection.connect(BFoxClientConnection.java:604)
        at com.tridium.fox.sys.BFoxSession.connect(BFoxSession.java:310)
        at com.tridium.fox.sys.BFoxSession.connect(BFoxSession.java:370)
        at com.tridium.fox.sys.BFoxsScheme.resolve(BFoxsScheme.java:87)
        at javax.baja.naming.BOrd.resolve(BOrd.java:274)
        at com.tridium.workbench.shell.BNiagaraWbShell.resolve(BNiagaraWbShell.java:636)
        at com.tridium.workbench.shell.NHyperlinkInfo.resolve(NHyperlinkInfo.java:279)
        at com.tridium.workbench.shell.NHyperlinkInfo.hyperlink(NHyperlinkInfo.java:131)
        at com.tridium.workbench.shell.BNiagaraWbShell.doHyperlink(BNiagaraWbShell.java:512)
        at com.tridium.workbench.shell.BNiagaraWbShell.hyperlink(BNiagaraWbShell.java:470)
        at com.tridium.workbench.auth.AuthUtil.connect(AuthUtil.java:300)
        at com.tridium.workbench.auth.BCnxHandler$CnxCommand.doInvoke(BCnxHandler.java:436)
        at javax.baja.ui.Command.doInvoke(Command.java:311)
        at javax.baja.ui.Command.invoke(Command.java:281)
        at javax.baja.ui.BActionMenuItem.doInvokeAction(BActionMenuItem.java:156)
        at javax.baja.ui.BActionMenuItem.doClick(BActionMenuItem.java:169)
        at javax.baja.ui.BMenuItem.mouseReleased(BMenuItem.java:470)
        at javax.baja.ui.BWidget.fireMouseEvent(BWidget.java:1228)
        at com.tridium.ui.awt.MouseManager.fire(MouseManager.java:325)
        at com.tridium.ui.awt.MouseManager.fire(MouseManager.java:299)
        at com.tridium.ui.awt.MouseManager.released(MouseManager.java:131)
        at com.tridium.ui.awt.MouseManager.process(MouseManager.java:104)
        at com.tridium.ui.awt.AwtShellManager.processMouseEvent(AwtShellManager.java:509)
        at java.awt.Component.processEvent(Component.java:6304)
        at java.awt.Container.processEvent(Container.java:2239)
        at java.awt.Component.dispatchEventImpl(Component.java:4889)
        at java.awt.Container.dispatchEventImpl(Container.java:2297)
        at java.awt.Component.dispatchEvent(Component.java:4711)
        at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:760)
        at java.awt.EventQueue.access$500(EventQueue.java:97)
        at java.awt.EventQueue$3.run(EventQueue.java:709)
        at java.awt.EventQueue$3.run(EventQueue.java:703)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:84)
        at java.awt.EventQueue$4.run(EventQueue.java:733)
        at java.awt.EventQueue$4.run(EventQueue.java:731)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:730)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
  Caused by: java.security.ProviderException: java.security.InvalidAlgorithmParameterException: TlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec
        at org.openjsse.sun.security.ssl.SSLMasterKeyDerivation$LegacyMasterKeyDerivation.deriveKey(SSLMasterKeyDerivation.java:160)
        at org.openjsse.sun.security.ssl.ECDHKeyExchange$ECDHEKAKeyDerivation.t12DeriveKey(ECDHKeyExchange.java:444)
        at org.openjsse.sun.security.ssl.ECDHKeyExchange$ECDHEKAKeyDerivation.deriveKey(ECDHKeyExchange.java:418)
        at org.openjsse.sun.security.ssl.ECDHClientKeyExchange$ECDHEClientKeyExchangeProducer.produce(ECDHClientKeyExchange.java:418)
        at org.openjsse.sun.security.ssl.ClientKeyExchange$ClientKeyExchangeProducer.produce(ClientKeyExchange.java:65)
        at org.openjsse.sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436)
        at org.openjsse.sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182)
        at org.openjsse.sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
        at org.openjsse.sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
        at org.openjsse.sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
        at org.openjsse.sun.security.ssl.TransportContext.dispatch(TransportContext.java:203)
        at org.openjsse.sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1178)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1089)
        at org.openjsse.sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:428)
        ... 56 more
  Caused by: java.security.InvalidAlgorithmParameterException: TlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec
        at com.sun.crypto.provider.TlsMasterSecretGenerator.engineInit(TlsMasterSecretGenerator.java:63)
        at javax.crypto.KeyGenerator.init(KeyGenerator.java:454)
        at javax.crypto.KeyGenerator.init(KeyGenerator.java:430)
        at org.openjsse.sun.security.ssl.SSLMasterKeyDerivation$LegacyMasterKeyDerivation.deriveKey(SSLMasterKeyDerivation.java:149)
        ... 70 more}

)
FINE [15:26:42 23-Sep-19 EDT][crypto] TLS handshake failed. Cause is: ssl session is null session
FINER [15:26:42 23-Sep-19 EDT][crypto] TLS handshake failed.
javax.net.ssl.SSLHandshakeException: ssl session is null session
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.performHandshake(CryptoCoreClientSocketFactory.java:480)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.performHandshake(CryptoCoreClientSocketFactory.java:460)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.initSocket(CryptoCoreClientSocketFactory.java:412)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.initSocket(CryptoCoreClientSocketFactory.java:378)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.createSocket(CryptoCoreClientSocketFactory.java:114)
        at javax.baja.naming.BIpHost.openSocket(BIpHost.java:181)
        at com.tridium.fox.sys.BFoxClientConnection$ConnectPrivilegedAction.run(BFoxClientConnection.java:704)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.tridium.fox.sys.BFoxClientConnection.connect(BFoxClientConnection.java:604)
        at com.tridium.fox.sys.BFoxSession.connect(BFoxSession.java:310)
        at com.tridium.fox.sys.BFoxSession.connect(BFoxSession.java:370)
        at com.tridium.fox.sys.BFoxsScheme.resolve(BFoxsScheme.java:87)
        at javax.baja.naming.BOrd.resolve(BOrd.java:274)
        at com.tridium.workbench.shell.BNiagaraWbShell.resolve(BNiagaraWbShell.java:636)
        at com.tridium.workbench.shell.NHyperlinkInfo.resolve(NHyperlinkInfo.java:279)
        at com.tridium.workbench.shell.NHyperlinkInfo.hyperlink(NHyperlinkInfo.java:131)
        at com.tridium.workbench.shell.BNiagaraWbShell.doHyperlink(BNiagaraWbShell.java:512)
        at com.tridium.workbench.shell.BNiagaraWbShell.hyperlink(BNiagaraWbShell.java:470)
        at com.tridium.workbench.auth.AuthUtil.connect(AuthUtil.java:300)
        at com.tridium.workbench.auth.BCnxHandler$CnxCommand.doInvoke(BCnxHandler.java:436)
        at javax.baja.ui.Command.doInvoke(Command.java:311)
        at javax.baja.ui.Command.invoke(Command.java:281)
        at javax.baja.ui.BActionMenuItem.doInvokeAction(BActionMenuItem.java:156)
        at javax.baja.ui.BActionMenuItem.doClick(BActionMenuItem.java:169)
        at javax.baja.ui.BMenuItem.mouseReleased(BMenuItem.java:470)
        at javax.baja.ui.BWidget.fireMouseEvent(BWidget.java:1228)
        at com.tridium.ui.awt.MouseManager.fire(MouseManager.java:325)
        at com.tridium.ui.awt.MouseManager.fire(MouseManager.java:299)
        at com.tridium.ui.awt.MouseManager.released(MouseManager.java:131)
        at com.tridium.ui.awt.MouseManager.process(MouseManager.java:104)
        at com.tridium.ui.awt.AwtShellManager.processMouseEvent(AwtShellManager.java:509)
        at java.awt.Component.processEvent(Component.java:6304)
        at java.awt.Container.processEvent(Container.java:2239)
        at java.awt.Component.dispatchEventImpl(Component.java:4889)
        at java.awt.Container.dispatchEventImpl(Container.java:2297)
        at java.awt.Component.dispatchEvent(Component.java:4711)
        at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:760)
        at java.awt.EventQueue.access$500(EventQueue.java:97)
        at java.awt.EventQueue$3.run(EventQueue.java:709)
        at java.awt.EventQueue$3.run(EventQueue.java:703)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:84)
        at java.awt.EventQueue$4.run(EventQueue.java:733)
        at java.awt.EventQueue$4.run(EventQueue.java:731)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:730)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

FINE [15:26:42 23-Sep-19 EDT][crypto] Attempting to create certificate exemption.
FINE [15:26:42 23-Sep-19 EDT][crypto] Could not acquire certificate from server socket. Cannot connect.
SEVERE [15:26:42 23-Sep-19 EDT][wb.shell] Target not found.
javax.baja.naming.UnresolvedException: foxs:
        at com.tridium.fox.sys.BFoxsScheme.resolve(BFoxsScheme.java:111)
        at javax.baja.naming.BOrd.resolve(BOrd.java:274)
        at com.tridium.workbench.shell.BNiagaraWbShell.resolve(BNiagaraWbShell.java:636)
        at com.tridium.workbench.shell.NHyperlinkInfo.resolve(NHyperlinkInfo.java:279)
        at com.tridium.workbench.shell.NHyperlinkInfo.hyperlink(NHyperlinkInfo.java:131)
        at com.tridium.workbench.shell.BNiagaraWbShell.doHyperlink(BNiagaraWbShell.java:512)
        at com.tridium.workbench.shell.BNiagaraWbShell.hyperlink(BNiagaraWbShell.java:470)
        at com.tridium.workbench.auth.AuthUtil.connect(AuthUtil.java:300)
        at com.tridium.workbench.auth.BCnxHandler$CnxCommand.doInvoke(BCnxHandler.java:436)
        at javax.baja.ui.Command.doInvoke(Command.java:311)
        at javax.baja.ui.Command.invoke(Command.java:281)
        at javax.baja.ui.BActionMenuItem.doInvokeAction(BActionMenuItem.java:156)
        at javax.baja.ui.BActionMenuItem.doClick(BActionMenuItem.java:169)
        at javax.baja.ui.BMenuItem.mouseReleased(BMenuItem.java:470)
        at javax.baja.ui.BWidget.fireMouseEvent(BWidget.java:1228)
        at com.tridium.ui.awt.MouseManager.fire(MouseManager.java:325)
        at com.tridium.ui.awt.MouseManager.fire(MouseManager.java:299)
        at com.tridium.ui.awt.MouseManager.released(MouseManager.java:131)
        at com.tridium.ui.awt.MouseManager.process(MouseManager.java:104)
        at com.tridium.ui.awt.AwtShellManager.processMouseEvent(AwtShellManager.java:509)
        at java.awt.Component.processEvent(Component.java:6304)
        at java.awt.Container.processEvent(Container.java:2239)
        at java.awt.Component.dispatchEventImpl(Component.java:4889)
        at java.awt.Container.dispatchEventImpl(Container.java:2297)
        at java.awt.Component.dispatchEvent(Component.java:4711)
        at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:760)
        at java.awt.EventQueue.access$500(EventQueue.java:97)
        at java.awt.EventQueue$3.run(EventQueue.java:709)
        at java.awt.EventQueue$3.run(EventQueue.java:703)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:84)
        at java.awt.EventQueue$4.run(EventQueue.java:733)
        at java.awt.EventQueue$4.run(EventQueue.java:731)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:730)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Caused by: java.io.IOException: Could not acquire peer certificate to process exemption.
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.handleTLSException(CryptoCoreClientSocketFactory.java:616)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.handleTLSException(CryptoCoreClientSocketFactory.java:546)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.initSocket(CryptoCoreClientSocketFactory.java:420)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.initSocket(CryptoCoreClientSocketFactory.java:378)
        at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory.createSocket(CryptoCoreClientSocketFactory.java:114)
        at javax.baja.naming.BIpHost.openSocket(BIpHost.java:181)
        at com.tridium.fox.sys.BFoxClientConnection$ConnectPrivilegedAction.run(BFoxClientConnection.java:704)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.tridium.fox.sys.BFoxClientConnection.connect(BFoxClientConnection.java:604)
        at com.tridium.fox.sys.BFoxSession.connect(BFoxSession.java:310)
        at com.tridium.fox.sys.BFoxSession.connect(BFoxSession.java:370)
        at com.tridium.fox.sys.BFoxsScheme.resolve(BFoxsScheme.java:87)
        ... 42 more

INFO [15:26:47 23-Sep-19 EDT][wb.service] Stopped service library:WbLibraryService

Error when running with OpenJDK 11

From this PR square/okhttp#5382

        Caused by:
        java.security.KeyStoreException: problem accessing trust store
            at org.openjsse.sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:78)
            at java.base/javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:278)
            at org.conscrypt.SSLParametersImpl.createDefaultX509TrustManager(SSLParametersImpl.java:591)
            ... 5 more

            Caused by:
            java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
                at java.base/sun.security.util.DerInputStream.getLength(DerInputStream.java:606)
                at java.base/sun.security.util.DerValue.init(DerValue.java:390)
                at java.base/sun.security.util.DerValue.<init>(DerValue.java:331)
                at java.base/sun.security.util.DerValue.<init>(DerValue.java:344)
                at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1993)
                at java.base/java.security.KeyStore.load(KeyStore.java:1479)
                at org.openjsse.sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:365)
                at org.openjsse.sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:313)
                at org.openjsse.sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:55)
                at org.openjsse.sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:54)
                ... 7 more

Access Control Exception with Security Manager

We enable the Java SecurityManager when running our application. After adding the openjsse jar, we are seeing the following stack trace. We can get around it (partially) by wrapping our call to SSLContext.getInstance() in a doPrivileged block, but there may be cases (like with Jetty) or other third-party components that legitimately may need to create a security context, may not. I think it makes sense for the openjsse implementation to add the doPrivileged blocks in the SSLContextImpl call to getCustomizedCipherSuites.

What do you all think?

Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.sun.security.action")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
        at java.security.AccessController.checkPermission(AccessController.java:886)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:329)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
        at org.openjsse.sun.security.ssl.SSLContextImpl.getCustomizedCipherSuites(SSLContextImpl.java:466)
        at org.openjsse.sun.security.ssl.SSLContextImpl.<clinit>(SSLContextImpl.java:107)
        ... 40 more
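
The partial workaround described in this issue, as an added example (not code from the issue or from OpenJSSE): the application wraps SSLContext.getInstance() in doPrivileged so that callers further up the stack do not need the package-access permission. The class name PrivilegedSslContext and the policy paths in the comment are hypothetical, and the sketch assumes the policy file grants the permission to both the wrapping code and the openjsse jar.

```java
import java.security.AccessController;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.net.ssl.SSLContext;

/*
 * Hypothetical helper for applications that run under a SecurityManager on Java 8.
 *
 * doPrivileged() stops the permission check at this class's protection domain,
 * so less-privileged callers above it on the stack are not consulted. The frames
 * below it (this class and the OpenJSSE provider) are still checked, so the
 * policy must grant them the permission named in the stack trace, for example
 * (paths are placeholders):
 *
 *   grant codeBase "file:/path/to/app.jar" {
 *     permission java.lang.RuntimePermission "accessClassInPackage.sun.security.action";
 *   };
 *   grant codeBase "file:/path/to/openjsse.jar" {
 *     permission java.lang.RuntimePermission "accessClassInPackage.sun.security.action";
 *   };
 */
public final class PrivilegedSslContext {

    private PrivilegedSslContext() {
    }

    /**
     * Creates an SSLContext inside a privileged block. Only the provider lookup
     * runs with this class's privileges; the protocol string comes from the caller,
     * so expose this method only to code that is allowed to open TLS connections.
     */
    public static SSLContext getInstance(final String protocol)
            throws NoSuchAlgorithmException {
        try {
            return AccessController.doPrivileged(
                    (PrivilegedExceptionAction<SSLContext>) () -> SSLContext.getInstance(protocol));
        } catch (PrivilegedActionException e) {
            // doPrivileged wraps checked exceptions; unwrap the one getInstance declares.
            Exception cause = e.getException();
            if (cause instanceof NoSuchAlgorithmException) {
                throw (NoSuchAlgorithmException) cause;
            }
            throw new IllegalStateException(cause);
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = getInstance("TLS");
        // Shows which JSSE provider served the request (OpenJSSE when it is registered first).
        System.out.println(ctx.getProvider().getName() + " / " + ctx.getProtocol());
    }
}
```

Third-party components such as Jetty that call SSLContext.getInstance() themselves do not pass through this wrapper, which is why the issue asks for the privileged block inside SSLContextImpl instead.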
