Problems running Symantec Protection Engine (SPE) 7.0 on Solaris 11 with JRE 1.7 update 4 and later.

Article:TECH196913  |  Created: 2012-09-19  |  Updated: 2012-09-30  |  Article URL http://www.symantec.com/docs/TECH196913
Article Type
Technical Solution


Issue



Symantec Protection Engine 7.0 does not start properly when installed with JRE 1.7.0_04 or later on Solaris 11.


Solution



JRE 1.7.0_04 and later uses default security provider as “com.oracle.security.ucrypto.UcryptoProvider” on Solaris 11. This provider accesses the underlying native(T4) crypto library without going through the PKCS11 layer. This causes JVM crash while creating SSL socket context in Symantec Protection Engine Java server.

To change default Java security provider to "sun.security.pkcs11.SunPKCS11" go to <Java_installation_dir>/jre/lib/security and replace the following lines in "java.security" configuration file

security.provider.1 = com.oracle.security.ucrypto.UcryptoProvider  ${JAVA.EN_US}/lib/security/ucrypto-solaris.cfg
security.provider.2 = sun.security.pkcs11.SunPKCS11 ${JAVA.EN_US}/lib/security/sunpkcs11-solaris11-solaris.cfg


with

security.provider.1 = sun.security.pkcs11.SunPKCS11 ${JAVA.EN_US}/lib/security/sunpkcs11-solaris11-solaris.cfg
security.provider.2 = com.oracle.security.ucrypto.UcryptoProvider  ${JAVA.EN_US}/lib/security/ucrypto-solaris.cfg




Article URL http://www.symantec.com/docs/TECH196913


Terms of use for this information are found in Legal Notices