APAR status
Closed as program error.
Error description
Error Message: javax.net.ssl.SSLHandshakeException: Invalid padding

Stack Trace:
main, handling exception: javax.net.ssl.SSLHandshakeException: Invalid padding
javax.net.ssl.SSLHandshakeException: Invalid padding
    at com.ibm.jsse2.j.a(j.java:36)
    at com.ibm.jsse2.pc.a(pc.java:301)
    at com.ibm.jsse2.pc.a(pc.java:438)
    at com.ibm.jsse2.pc.g(pc.java:445)
    at com.ibm.jsse2.pc.a(pc.java:432)
    at com.ibm.jsse2.pc.startHandshake(pc.java:211)
    at SSLServer.main(SSLServer.java:25)
Caused by: javax.crypto.BadPaddingException: Padding length invalid: 90
    at com.ibm.jsse2.k.a(k.java:30)
    at com.ibm.jsse2.k.b(k.java:110)
    at com.ibm.jsse2.a.a(a.java:219)
    at com.ibm.jsse2.pc.a(pc.java:490)
    ... 4 more

When ECDH key exchange is used, the problem can also happen during a handshake between IBMJSSE2 and SunJSSE.
Local fix
Use cipher suites which do not use ECDH key exchange
Problem summary
The problem happens because the size of the "PreMaster Secret" generated from ECDH KeyAgreement in IBMJCE provider did not match openssl's counterpart for some of the EC curves.
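A check that can be run on a JVM to see whether its default EC provider returns a fixed-length ECDH secret, added here as an example and not part of the APAR or of IBM's code. It assumes the expected length is the curve's field size in bytes, which is what RFC 4492 section 5.10 requires of the premaster secret; the class name, the curve list and the round count are chosen for the example.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.KeyAgreement;

public class EcdhSecretLengthCheck {

    // Runs `rounds` ECDH agreements on `curve` and counts how many shared
    // secrets do not have the fixed length ceil(fieldSize / 8) bytes.
    static int countLengthMismatches(String curve, int rounds) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec(curve));
        KeyPair server = kpg.generateKeyPair();

        int fieldBits = ((ECPublicKey) server.getPublic())
                .getParams().getCurve().getField().getFieldSize();
        int expected = (fieldBits + 7) / 8;   // assumption: RFC 4492 sec. 5.10

        int mismatches = 0;
        for (int i = 0; i < rounds; i++) {
            // Fresh client key each round: the secret's value changes per key
            // pair, so a length difference may only show for some of them.
            KeyPair client = kpg.generateKeyPair();
            KeyAgreement ka = KeyAgreement.getInstance("ECDH");
            ka.init(client.getPrivate());
            ka.doPhase(server.getPublic(), true);
            if (ka.generateSecret().length != expected) {
                mismatches++;
            }
        }
        return mismatches;
    }

    public static void main(String[] args) throws Exception {
        // Curve names chosen for the example; the APAR does not list the
        // affected curves.
        String[] curves = {"secp256r1", "secp384r1", "secp521r1"};
        System.out.println("KeyAgreement provider: "
                + KeyAgreement.getInstance("ECDH").getProvider());
        for (String curve : curves) {
            int bad = countLengthMismatches(curve, 2000);
            System.out.println(curve + ": " + bad
                    + " of 2000 secrets had an unexpected length");
        }
    }
}
```

A non-zero count on any curve means the provider's secret length varies, which a peer that expects the fixed length will reject during the handshake.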
Problem conclusion
This defect will be fixed in:
7.0.0 SR4FP1
6.0.1 SR5FP1
6.0.0 SR13FP1
5.0.0 SR16FP1

A fix was made to the IBMJCE provider to correct the size of the secret returned by ECDH KeyAgreement.

The associated Hursley CMVC defect is 196316.
The associated Austin CMVC defect is 113554.

JVMs affected: Java 5.0 SR15, Java 6.0 SR12, Java 626 SR4, and Java 7.0 SR3.

The fix was delivered for Java 5.0 SR16FP1 and SR17, Java 6.0 SR13FP1 and SR14, Java 626 SR5FP1 and SR6, and Java 7.0 SR4FP1 and SR5.

The affected jar is "ibmjceprovider.jar". The build level of this jar for the affected releases is "20130226".
Temporary fix
Comments
APAR Information
APAR number
IV37333
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-02-27
Closed date
2013-03-18
Last modified date
2013-03-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R260 PSY
UP
R600 PSY
UP
Document Information
Modified date:
07 December 2020