Topic
  • 3 replies
  • Latest Post - ‏2010-09-18T19:54:30Z by NiceJav
saurabhsule82
saurabhsule82
12 Posts

Pinned topic RuntimeException: Algorithm MD5 for provider IBMJCEFIPS not available

‏2010-06-18T14:51:50Z |
I am trying to run the sample class: ServerJsseFIPS (attached here) provided inside jsse2docs_samples.zip.

When I run the class I get the following error:

*************************************************************************************************************
Exception in thread "main" java.lang.RuntimeException: Algorithm MD5 for provider IBMJCEFIPS not available
at com.ibm.jsse2.pb.i(pb.java:31)
at com.ibm.jsse2.hc.a(hc.java:32)
at com.ibm.jsse2.ab.<init>(ab.java:18)
at com.ibm.jsse2.gb.a(gb.java:134)
at com.ibm.jsse2.gb.<init>(gb.java:232)
at com.ibm.jsse2.ib.<init>(ib.java:301)
at com.ibm.jsse2.sc.f(sc.java:473)
at com.ibm.jsse2.sc.e(sc.java:467)
at com.ibm.jsse2.qc.a(qc.java:4)
at com.ibm.jsse2.qc.accept(qc.java:51)
at ServerJsseFIPS.main(ServerJsseFIPS.java:161)
Caused by: java.security.NoSuchProviderException: no such provider: IBMJCEFIPS
at sun.security.jca.GetInstance.getService(GetInstance.java:66)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
at java.security.Security.getImpl(Security.java:662)
at java.security.MessageDigest.getInstance(MessageDigest.java:185)
at com.ibm.jsse2.pb.i(pb.java:44)
... 10 more
*************************************************************************************************************

This error comes when we call accept() on the SSLServerSocket.

I am running the class with -Dcom.ibm.jsse2.JSSEFIPS=true which means it is in FIPS mode.

Now from the error one can understand that it occurs because MD5 is not supported in FIPS mode, but then why is MD5 being requested in the first place? The SSLServerSocket implementation is from IBM.

My system details are as follows:

java version "1.6.0"
Java(TM) SE Runtime Environment (build pxi3260sr8-20100409_01(SR8))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux x86-32 jvmxi3260sr8-20100401_55940 (JIT enabled, AOT enabled)
J9VM - 20100401_055940
JIT - r9_20100401_15339
GC - 20100308_AA)
JCL - 20100408_01

REHL 5

Regards,
Saurabh.
Updated on 2010-09-18T19:54:30Z at 2010-09-18T19:54:30Z by NiceJav
  • SystemAdmin
    SystemAdmin
    2262 Posts

    Re: RuntimeException: Algorithm MD5 for provider IBMJCEFIPS not available

    ‏2010-07-21T09:12:19Z  
    You didn't look at the entire stack trace:

    > *************************************************************************************************************
    > Exception in thread "main" java.lang.RuntimeException: Algorithm MD5 for provider IBMJCEFIPS not available
    > at com.ibm.jsse2.pb.i(pb.java:31)
    > at com.ibm.jsse2.hc.a(hc.java:32)
    > at com.ibm.jsse2.ab.<init>(ab.java:18)
    > at com.ibm.jsse2.gb.a(gb.java:134)
    > at com.ibm.jsse2.gb.<init>(gb.java:232)
    > at com.ibm.jsse2.ib.<init>(ib.java:301)
    > at com.ibm.jsse2.sc.f(sc.java:473)
    > at com.ibm.jsse2.sc.e(sc.java:467)
    > at com.ibm.jsse2.qc.a(qc.java:4)
    > at com.ibm.jsse2.qc.accept(qc.java:51)
    > at ServerJsseFIPS.main(ServerJsseFIPS.java:161)
    > Caused by: java.security.NoSuchProviderException: no such provider: IBMJCEFIPS
    > at sun.security.jca.GetInstance.getService(GetInstance.java:66)
    > at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
    > at java.security.Security.getImpl(Security.java:662)
    > at java.security.MessageDigest.getInstance(MessageDigest.java:185)
    > at com.ibm.jsse2.pb.i(pb.java:44)
    > ... 10 more
    > *************************************************************************************************************
    The problem is that the FIPS provider has not been initialized.
    For performance reasons, we don't normally initialize FIPS by default.
    Add the FIPS provider to the list of providers in java.security (found at <JDK>/jre/lib/security):

    
    security.provider.10=com.ibm.crypto.fips.provider.IBMJCEFIPS
    
  • saurabhsule82
    saurabhsule82
    12 Posts

    Re: RuntimeException: Algorithm MD5 for provider IBMJCEFIPS not available

    ‏2010-07-22T05:09:38Z  
    You didn't look at the entire stack trace:

    > *************************************************************************************************************
    > Exception in thread "main" java.lang.RuntimeException: Algorithm MD5 for provider IBMJCEFIPS not available
    > at com.ibm.jsse2.pb.i(pb.java:31)
    > at com.ibm.jsse2.hc.a(hc.java:32)
    > at com.ibm.jsse2.ab.<init>(ab.java:18)
    > at com.ibm.jsse2.gb.a(gb.java:134)
    > at com.ibm.jsse2.gb.<init>(gb.java:232)
    > at com.ibm.jsse2.ib.<init>(ib.java:301)
    > at com.ibm.jsse2.sc.f(sc.java:473)
    > at com.ibm.jsse2.sc.e(sc.java:467)
    > at com.ibm.jsse2.qc.a(qc.java:4)
    > at com.ibm.jsse2.qc.accept(qc.java:51)
    > at ServerJsseFIPS.main(ServerJsseFIPS.java:161)
    > Caused by: java.security.NoSuchProviderException: no such provider: IBMJCEFIPS
    > at sun.security.jca.GetInstance.getService(GetInstance.java:66)
    > at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
    > at java.security.Security.getImpl(Security.java:662)
    > at java.security.MessageDigest.getInstance(MessageDigest.java:185)
    > at com.ibm.jsse2.pb.i(pb.java:44)
    > ... 10 more
    > *************************************************************************************************************
    The problem is that the FIPS provider has not been initialized.
    For performance reasons, we don't normally initialize FIPS by default.
    Add the FIPS provider to the list of providers in java.security (found at <JDK>/jre/lib/security):

    <pre class="jive-pre"> security.provider.10=com.ibm.crypto.fips.provider.IBMJCEFIPS </pre>
    Thanks man !!!

    I missed that 'fips' between crypto and provider and I was simply using com.ibm.crypto.provider.IBMJCEFIPS.

    Now it works as expected.
  • NiceJav
    NiceJav
    1 Post

    Re: RuntimeException: Algorithm MD5 for provider IBMJCEFIPS not available

    ‏2010-09-18T19:54:30Z  
    it's great you get work as expected. If you may run into problem again please check out Java MD5