Problems running Symantec Protection Engine (SPE) 7.0 on Solaris 11 with JRE 1.7 update 4 and later.

book

Article ID: 157069

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection Engine for NAS

Issue/Introduction

Symantec Protection Engine 7.0 does not start properly when installed with JRE 1.7.0_04 or later on Solaris 11.

Resolution

JRE 1.7.0_04 and later uses default security provider as “com.oracle.security.ucrypto.UcryptoProvider” on Solaris 11. This provider accesses the underlying native(T4) crypto library without going through the PKCS11 layer. This causes JVM crash while creating SSL socket context in Symantec Protection Engine Java server.

To change default Java security provider to "sun.security.pkcs11.SunPKCS11" go to <Java_installation_dir>/jre/lib/security and replace the following lines in "java.security" configuration file

security.provider.1 = com.oracle.security.ucrypto.UcryptoProvider  ${JAVA.EN_US}/lib/security/ucrypto-solaris.cfg
security.provider.2 = sun.security.pkcs11.SunPKCS11 ${JAVA.EN_US}/lib/security/sunpkcs11-solaris11-solaris.cfg


with

security.provider.1 = sun.security.pkcs11.SunPKCS11 ${JAVA.EN_US}/lib/security/sunpkcs11-solaris11-solaris.cfg
security.provider.2 = com.oracle.security.ucrypto.UcryptoProvider  ${JAVA.EN_US}/lib/security/ucrypto-solaris.cfg