CloudHSM Cavium integration fails with exception during two-way SSL handshake (client-side) in a Java based Lambda

Hi, I am trying to use Cavium in a Java application for two-way SSL handshake. My application is the client application. However when the application runs, the client handshake fails with the following exception:

2022-02-21T18:30:39.152Z java.lang.RuntimeException: com.cavium.cfm2.CFM2Exception: A call to the API getRSAPrivateKeyComponents for size failed with error code ffffffff : Error: new error from underlying FW/SW, might need to upgrade to new SW to decode 2022-02-21T18:30:39.152Z at com.cavium.key.CaviumRSAPrivateKey.populateKeyComponents(CaviumRSAPrivateKey.java:154) 2022-02-21T18:30:39.152Z at com.cavium.key.CaviumRSAPrivateKey.getPrimeP(CaviumRSAPrivateKey.java:82) 2022-02-21T18:30:39.152Z at sun.security.rsa.RSACore.crtCrypt(RSACore.java:168) 2022-02-21T18:30:39.152Z at sun.security.rsa.RSACore.rsa(RSACore.java:122) 2022-02-21T18:30:39.152Z at sun.security.rsa.RSAPSSSignature.engineSign(RSAPSSSignature.java:371) 2022-02-21T18:30:39.152Z at java.security.Signature$Delegate.engineSign(Signature.java:1382) 2022-02-21T18:30:39.152Z at java.security.Signature.sign(Signature.java:698) 2022-02-21T18:30:39.152Z at sun.security.ssl.CertificateVerify$T12CertificateVerifyMessage.<init>(CertificateVerify.java:608) 2022-02-21T18:30:39.152Z at sun.security.ssl.CertificateVerify$T12CertificateVerifyProducer.produce(CertificateVerify.java:760) 2022-02-21T18:30:39.152Z at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421) 2022-02-21T18:30:39.152Z at sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182) 2022-02-21T18:30:39.152Z at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) 2022-02-21T18:30:39.152Z at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) 2022-02-21T18:30:39.152Z at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) 2022-02-21T18:30:39.152Z at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)

The application adds CaviumProvder at start-up: Security.addProvider(new com.cavium.provider.CaviumProvider());

My client application also attempts to sign a message using "NONEwithRSA" at the start of the application and successfully verifies the signing using the same key alias.

I have also verified that the user my application is using to authenticate towards CloudHSM is of type CU (Crypto User).

The CloudHSM jar file is cloudhsm-3.1.0.jar.

Please help.

Topics

Security, Identity, & Compliance

Relevant content

Global Accelerator has high latency when alb ssl handshake
xerphigh
asked 7 months ago
How to reduce SSL handshake time?
rePost-User-9659842
asked a year ago
SSL Handshake error
rePost-User-2786755
asked 8 months ago
SSL handshake failure while trying to connect to S3 using Java SDK
Kirupha
asked 2 months ago
How do I troubleshoot API Gateway errors when I use SSL certificates with backend integration?
AWS OFFICIALUpdated 5 months ago
How do I use AWS SAM to build a Lambda-backed custom resource in Java for CloudFormation?
AWS OFFICIALUpdated a year ago
How can I replace the certificates for my AWS Client VPN to resolve a TLS handshake error?
AWS OFFICIALUpdated 10 months ago
How do I troubleshoot the UnknownHostException error in my Java application?
AWS OFFICIALUpdated 2 years ago
Troubleshooting "Unable to unmarshall exception response with the unmarshallers provided" in Java
EXPERT
Leeroy Hannigan
published 10 months ago
Using AWS Private Link for application integration
EXPERT
Tedy_T
published 2 years ago