Unable To Encrypt SSL Message-Java - Security - InvalidKeyException
Symptom
When an application call uses IAIK SSL for HTTPS, you receive an error such as the following:
Exception caught by adapter framework: java.io.IOException: Failed to get the input stream from socket: java.io.IOException: Fatal SSL handshake error: java.lang.RuntimeException: Unable to create cipher AES/CBC/NoPadding: java.security.InvalidKeyException: Illegal key size#
com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: java.io.IOException: Fatal SSL handshake error: java.lang.RuntimeException: Unable to create cipher AES/CBC/NoPadding: java.security.InvalidKeyException: Illegal key size
#BC-JAS-COR#kernel.sda#C0000A8E2408001700000005000056E6#95152750000009686##com.sap.engine.core.service630.container.ContainerObjectRegistry#209f8b0e37ac11eab70d000005abea6e0#Service Stopper [com.adobe~DocumentServicesBinariesSSL2]#Plain##
Service interface for service com.adobe~DocumentServicesBinariesSSL2 is not registered in registry and cannot be removed.#
Failed to get the input stream from socket: iaik.security.ssl.SSLException: Unable to encrypt SSL message: java.security.InvalidKeyException: Illegal key size
iaik.security.ssl.SSLException: Unable to encrypt SSL message: java.security.InvalidKeyException: Illegal key size
at iaik.security.ssl.SSLTransport.startHandshake(SourceFile:571)
at iaik.security.ssl.SSLTransport.getInputStream(SourceFile:658)
at iaik.security.ssl.SSLSocket.getInputStream(SourceFile:395)
java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLException: Unable to encrypt SSL message: java.security.InvalidKeyException: Illegal key size
The above example comes from the Adobe Document Services application, but the error can occur in any application using HTTPS. There might be a different cipher suite in the error. Possibly the following notes have been implemented for TLS 1.2, ECDHE cipher suite support, SHA384withRSA and SHA512withRSA. Additionally, the SSLContext.properties file might be configured to handle custom cipher suites that the vendor system allows:
Environment
SAP NetWeaver Composition Environment 7.1
SAP enhancement package 1 for SAP NetWeaver Composition Environment 7.1
SAP NetWeaver Composition Environment 7.2
SAP NetWeaver 7.3
SAP enhancement package 1 for SAP NetWeaver 7.3
SAP NetWeaver 7.4
SAP NetWeaver 7.5
Cause
The JCE policy files on the server are the limited ones and do not allow the particular cipher/key size.
Resolution
In SAP JVM shipments with versions higher than 6.1.105, 7.1.053, 8.1.034, and in all SAP JVM >= 9, you can simply uncomment the parameter #crypto.policy = unlimited in the java.security file found at <JDK dir>/jre/lib/security/java.security. For older JVM versions, you need to download and install the unlimited JCE policy files. A restart of the Java instances is required afterwards.
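To confirm which policy a JVM actually enforces, before and after the change, the following added example (not part of the SAP note; the class name JcePolicyCheck is hypothetical) prints the effective crypto.policy property and the maximum allowed AES key length, then reproduces the "Illegal key size" failure with a 256-bit key. It assumes it is run with the same JVM binary the Java instance uses, and it exercises the JVM's default AES provider rather than IAIK.

```java
import java.security.InvalidKeyException;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical diagnostic class; not an SAP or IAIK tool. */
public class JcePolicyCheck {

    /** Returns true when the JVM permits AES keys of the given size in bits. */
    static boolean aesKeyAllowed(int bits) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        // Constructed all-zero key and IV: only the key length matters here.
        SecretKeySpec key = new SecretKeySpec(new byte[bits / 8], "AES");
        IvParameterSpec iv = new IvParameterSpec(new byte[16]);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key, iv);
            return true;
        } catch (InvalidKeyException e) {
            // Same exception type as in the handshake trace above.
            System.out.println("AES-" + bits + " rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.home       = " + System.getProperty("java.home"));
        System.out.println("java.version    = " + System.getProperty("java.version"));
        // null means the property is unset or still commented out in java.security.
        System.out.println("crypto.policy   = " + Security.getProperty("crypto.policy"));

        // Limited policy files cap AES at 128 bits; unlimited reports Integer.MAX_VALUE.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key len = "
                + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));

        boolean ok128 = aesKeyAllowed(128);
        boolean ok256 = aesKeyAllowed(256);
        System.out.println("AES-128 usable  = " + ok128);
        System.out.println("AES-256 usable  = " + ok256);

        // Non-zero exit lets a startup or monitoring script flag a limited policy.
        System.exit(ok256 ? 0 : 1);
    }
}
```

Compile and run it with the javac and java binaries from the JDK directory the instance is configured to use; a result from a different JDK on the same host says nothing about the server.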
See Also
1240081 - Java Cryptography Extension (JCE) Jurisdiction Policy Files
Keywords
mandatory, ciphersuite, ciphersuites, custom
Products
SAP enhancement package 1 for SAP NetWeaver Application Server for Java 7.1
2540433