IV37334: HANDSHAKE BETWEEN IBMJSSE2 AND OPENSSL FAILED WHEN ECDH KEY EXCH ANGE IS USED
Closed as program error.
Error Message: javax.net.ssl.SSLHandshakeException: Invalid padding . Stack Trace: main, handling exception: javax.net.ssl.SSLHandshakeException: Invalid padding javax.net.ssl.SSLHandshakeException: Invalid padding at com.ibm.jsse2.j.a(j.java:36) at com.ibm.jsse2.pc.a(pc.java:301) at com.ibm.jsse2.pc.a(pc.java:438) at com.ibm.jsse2.pc.g(pc.java:445) at com.ibm.jsse2.pc.a(pc.java:432) at com.ibm.jsse2.pc.startHandshake(pc.java:211) at SSLServer.main(SSLServer.java:25) Caused by: javax.crypto.BadPaddingException: Padding length invalid: 90 at com.ibm.jsse2.k.a(k.java:30) at com.ibm.jsse2.k.b(k.java:110) at com.ibm.jsse2.a.a(a.java:219) at com.ibm.jsse2.pc.a(pc.java:490) ... 4 more . When ECDH key exchange is used, the problem can also happen when handshake between IBMJSSE2 and SunJSSE
Use cipher suites which do not use ECDH key exchange
The problem happens because the size of the "PreMaster Secret" generated from ECDH KeyAgreement in IBMJCE provider did not match openssl's counterpart for some of the EC curves.
This defect will be fixed in: 7.0.0 SR4FP1 6.0.1 SR5FP1 6.0.0 SR13FP1 5.0.0 SR16FP1 . A fix is made to IBMJCE provider to fix the size of result secret of ECDH KeyAgreement The associated Hursley CMVC defect is 196316 The associated Austin CMVC defect is 113554 JVMs affected: Java 5.0 SR15, Java 6.0 SR12, Java 626 SR4, and Java 7.0 SR3. The fix was delivered for Java 5.0 SR16FP1 and SR17, Java 6.0 SR13FP1 and SR14, Java 626 SR5FP1 and SR6, and Java 7.0 SR4FP1 and SR5. The affected jar is "ibmjceprovider.jar". The build level of this jar for the affected releases is "20130226"
Reported component name
JAVA 5 SECURITY
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
JAVA 5 SECURITY
Fixed component ID
Applicable component levels