IBM WEME J9 Invalid padding exception

I use the IBM Websphere Everyplace Micro Environment JVM on a Windows Mobile 6 device. My application uses HTTPS connections and I’ve configured everything correctly to use the J9JSSE package for SSL / TLS. Some messages sent over an HTTPS connection work very well, but others throw an exception on the client:

java.io.IOException: invalid padding
    at com.ibm.oti.crypto.Util.unpadTLS10(Unknown Source)
    at com.ibm.oti.crypto.CL3BasedProvider.decryptImpl(Unknown Source)
    at com.ibm.oti.crypto.CL3BasedProvider.cryptUpdate(Unknown Source)
    at com.ibm.oti.crypto.Key.cryptFinish(Unknown Source)
    at com.ibm.j9.ssl.CipherAlgorithm.decipher(Unknown Source)
    at com.ibm.j9.jsse.SSLSocketImpl.readData(Unknown Source)
    at com.ibm.j9.jsse.SSLSocketImpl$SSLInputStream.read(Unknown Source)
    at com.ibm.j9.jsse.SSLSocketImpl$SSLInputStream.read(Unknown Source)
    at java.io.BufferedInputStream.fillbuf(Unknown Source)
    at java.io.BufferedInputStream.read(Unknown Source)
    at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.readln(Unknown Source)
    at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.readServerResponse(Unknown Source)
    at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.sendRequest(Unknown Source)
    at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.doRequest(Unknown Source)
    at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.getInputStream(Unknown Source)

I tried playing with the Apache Tomcat server to hide the cipher suite that is used, and the only one that will work is:

SSL_RSA_WITH_NULL_SHA

but actually it does not do any encryption (null is indicated here), so it is useless to me. The default cipher suite is:

SSL_RSA_WITH_3DES_EDE_CBC_SHA

And this, along with all the others that I tried, has this problem. Does anyone know what might cause the problem and how can I solve it?

I found a post on one forum in which someone suggested that there was an error in the J9 CBC implementation, but, strangely enough, there was no information about this anywhere on the Internet. Any help in this matter would be greatly appreciated.

+4
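What the check at the top of that stack trace verifies, per RFC 2246 section 6.2.3.2, shown as an added example that is not part of the original post and is not IBM's code. The class and method names and the sample byte arrays are constructed for illustration.

```java
import java.io.IOException;

// Illustrative re-implementation of the TLS 1.0 CBC padding check
// (RFC 2246, 6.2.3.2). Hypothetical names; not the J9 source.
public class Tls10PaddingCheck {

    /** Returns the length of content + MAC once the padding is stripped. */
    static int unpadTls10(byte[] plain, int blockSize) throws IOException {
        // A decrypted CBC record is always a whole number of cipher blocks.
        if (plain.length == 0 || plain.length % blockSize != 0) {
            throw new IOException("invalid padding");
        }
        int padLen = plain[plain.length - 1] & 0xFF; // last byte = padding_length
        if (padLen + 1 > plain.length) {
            throw new IOException("invalid padding");
        }
        // TLS 1.0 rule: every padding byte must equal padding_length.
        for (int i = plain.length - 1 - padLen; i < plain.length - 1; i++) {
            if ((plain[i] & 0xFF) != padLen) {
                throw new IOException("invalid padding");
            }
        }
        return plain.length - padLen - 1;
    }

    static String check(String label, byte[] plain) {
        try {
            return label + ": ok, " + unpadTls10(plain, 8) + " bytes of content + MAC";
        } catch (IOException e) {
            return label + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed 16-byte plaintexts for an 8-byte block cipher such as 3DES.
        // 12 content bytes, then three padding bytes of value 3, then padding_length 3.
        byte[] tls10 = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 3, 3, 3, 3};
        // Same length byte, but padding bytes left arbitrary (allowed in SSL 3.0 only).
        byte[] sslv3 = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 0x5a, 0x11, 0x7c, 3};
        // What a block decrypted with the wrong key, IV or chaining state looks like.
        byte[] garbage = {(byte) 0x9e, 0x41, 0x07, (byte) 0xd2, 0x33, (byte) 0xb8, 0x6f, 0x10,
                          0x5c, (byte) 0xe4, 0x2a, (byte) 0x91, 0x0d, 0x77, (byte) 0xf3, (byte) 0xc7};

        System.out.println(check("TLS 1.0 padding", tls10));
        System.out.println(check("SSL 3.0 style padding", sslv3));
        System.out.println(check("mis-decrypted block", garbage));
    }
}
```

Only the first sample passes. The check is run on the bytes that come out of CBC decryption, so the exception means those bytes are not what the sender padded.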
3 answers

So, the final answer I came up with was to switch to another JVM. The very little support available from IBM, and just trying to get someone to sell us licenses for their JVMs, was very difficult. I think they like talking to huge organizations.

Now, using CEE-J from Skelmir, so far it is much more promising.

0

The following cipher suites are supported by the J9 JSSE implementation (J9 JSSE and vendor information):

  • SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_WITH_DES_CBC_SHA
  • SSL_RSA_WITH_NULL_SHA
  • SSL_RSA_WITH_NULL_MD5
  • SSL_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_MD5
  • TLS_RSA_WITH_AES_128_CBC_SHA


Third-party use of OpenSSL on Tomcat

SSL or TLS cipher suite names from the corresponding specification and their OpenSSL equivalents

SSL v3.0 cipher suites.

  SSL_RSA_WITH_3DES_EDE_CBC_SHA ----> DES-CBC3-SHA
  SSL_RSA_WITH_DES_CBC_SHA ---------> DES-CBC-SHA
  SSL_RSA_WITH_NULL_SHA ------------> NULL-SHA
  SSL_RSA_WITH_NULL_MD5 ------------> NULL-MD5
  SSL_RSA_WITH_RC4_128_SHA ---------> RC4-SHA
  SSL_RSA_WITH_RC4_128_MD5 ---------> RC4-MD5

AES cipher suites from RFC 3268, extending TLS v1.0

  TLS_RSA_WITH_AES_128_CBC_SHA -----> AES128-SHA


If possible, see if you can use OpenSSL in the IBM Websphere Everyplace Micro Environment JVM. If not, try using J9 JSSE on Tomcat.

It indicates that the server and client use the same cipher suites.

+1

Which JDK provider do you use to start the Apache Tomcat server? If you are not using the IBM JDK, you can try this. This ensures that the cryptographic provider is the same on both the client and the server (IBM).

http://www.ibm.com/developerworks/java/jdk/

Update: Can you use a single JVM provider like Tomcat Server for Windows Mobile 6? Which JDK provider do you use to start the Apache Tomcat server?

0

Source: https://habr.com/ru/post/1300286/

