000011692 - java.lang.RuntimeException: Export restriction: SSLSocketFactory supports non-pluggable ciphersuite(s)

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011692
Applies ToRSA Key Manager Java Client
HP Tandem (Nonstop)
IBM JDK
IssueError: java.lang.RuntimeException: Export restriction: SSLSocketFactory supports non-pluggable ciphersuite(s)
at com.sun.net.ssl.internal.ssl.ExportControl.checkCipherSuites(ExportControl.java:176)
at javax.net.ssl.SSLContext.getSocketFactory(SSLContext.java:164)
at com.rsa.kmc.w.ab.a(Unknown Source)
at com.rsa.kmc.w.aV.a(Unknown Source)
at com.rsa.kmc.w.aB.a(Unknown Source)
at com.rsa.kmc.w.ay.<init>(Unknown Source)
at com.rsa.kmc.w.aS <http://com.rsa.kmc.w.aS>.<init>(Unknown Source)
at com.rsa.kmc.w.aS.a(Unknown Source)
at com.rsa.kmc.w.aS.a(Unknown Source)
at com.rsa.kmc.KMConfig.<init>(Unknown Source)
...
ResolutionIn one case, re-installing a fresh Sun JRE 1.6 in a non-default location and pointing to it resolved the issue.

Upgrade to JDK 1.6:
- http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html

"Appendix B: Provider Pluggability
JSSE in Java SE 6 is fully pluggable and does not restrict the use of third party JSSE providers in any way."


Work around the problem by pointing to the IBM JSSE2 HTTPS handler:
- http://www-01.ibm.com/support/docview.wss?uid=nas2c5096397bdc71833862572af003c732c

"Add the following property to your J2SE 5.0 startup to force the                                                           
IBM JSSE2 HTTPS handler to be used.                           

-Djava.protocol.handler.pkgs=com.ibm.net.ssl.www2.protocol"

Legacy Article IDa54342

Attachments

    Outcomes