IBM WEME J9 无效填充异常
我正在 Windows Mobile 6 设备上使用 IBM Websphere Everyplace Micro Environment JVM。我的应用程序使用 HTTPS 连接,并且我已正确设置所有内容以使用 J9JSSE 包进行 SSL/TLS。在 HTTPS 连接上传输的一些消息传输得很好,但其他消息在客户端上引起异常:
java.io.IOException: invalid padding
at com.ibm.oti.crypto.Util.unpadTLS10(Unknown Source)
at com.ibm.oti.crypto.CL3BasedProvider.decryptImpl(Unknown Source)
at com.ibm.oti.crypto.CL3BasedProvider.cryptUpdate(Unknown Source)
at com.ibm.oti.crypto.Key.cryptFinish(Unknown Source)
at com.ibm.j9.ssl.CipherAlgorithm.decipher(Unknown Source)
at com.ibm.j9.jsse.SSLSocketImpl.readData(Unknown Source)
at com.ibm.j9.jsse.SSLSocketImpl$SSLInputStream.read(Unknown Source)
at com.ibm.j9.jsse.SSLSocketImpl$SSLInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fillbuf(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.readln(Unknown Source)
at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.readServerResponse(Unknown Source)
at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.sendRequest(Unknown Source)
at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.doRequest(Unknown Source)
at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.getInputStream(Unknown Source)
我尝试使用 Apache Tomcat 服务器来配置正在使用的密码套件,并且是唯一一个会起作用的是:
SSL_RSA_WITH_NULL_SHA
但这实际上并没有进行任何加密(此处由 null 指定),所以它对我来说没有用。使用的默认密码套件是:
SSL_RSA_WITH_3DES_EDE_CBC_SHA
这与我尝试过的所有其他密码套件都存在此填充问题。有谁知道可能导致问题的原因以及我如何解决它?
我发现一个论坛帖子,其中有人建议 J9 CBC 实现中存在错误,但奇怪的是网上没有任何其他信息。任何有关此问题的帮助将不胜感激。
I am using the IBM Websphere Everyplace Micro Environment JVM on a Windows Mobile 6 device. My application uses HTTPS connections and I have everything set up appropriately to use the J9JSSE package for SSL/TLS. Some messages that are being transmitted on the HTTPS connection are getting through just fine, but others are causing an exception on the client:
java.io.IOException: invalid padding
at com.ibm.oti.crypto.Util.unpadTLS10(Unknown Source)
at com.ibm.oti.crypto.CL3BasedProvider.decryptImpl(Unknown Source)
at com.ibm.oti.crypto.CL3BasedProvider.cryptUpdate(Unknown Source)
at com.ibm.oti.crypto.Key.cryptFinish(Unknown Source)
at com.ibm.j9.ssl.CipherAlgorithm.decipher(Unknown Source)
at com.ibm.j9.jsse.SSLSocketImpl.readData(Unknown Source)
at com.ibm.j9.jsse.SSLSocketImpl$SSLInputStream.read(Unknown Source)
at com.ibm.j9.jsse.SSLSocketImpl$SSLInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fillbuf(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.readln(Unknown Source)
at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.readServerResponse(Unknown Source)
at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.sendRequest(Unknown Source)
at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.doRequest(Unknown Source)
at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.getInputStream(Unknown Source)
I have tried playing around with the Apache Tomcat server to confgure the cipher suite that is being used and the only one that will work is:
SSL_RSA_WITH_NULL_SHA
but this doesn't actually do any encryption (specified here by the null) so it is of no use to me. The default cipher suite that is used is:
SSL_RSA_WITH_3DES_EDE_CBC_SHA
And this along with all others that I have tried have this padding problem. Does anyone know what might be causing the problem and how I might solve it?
I found a single forum post where someone suggested that there was a bug in the J9 CBC implementation, but it seems strange that there is no other information on this anywhere online. Any help with this issue would be greatly appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
J9 JSSE 实现支持以下密码套件:
J9 JSSE 和提供商详细信息
。
tomcat 上的用户第三方 Open SSL
SSL 或 TLS 密码套件相关规范中的名称及其 OpenSSL 等效项
SSL v3.0 密码套件。
来自 RFC3268 的 AES 密码套件,扩展了 TLS v1.0
。
如果可能,请查看您是否也可以在 IBM Websphere Everyplace Micro Environment JVM 上使用 Open SSL。如果没有,请尝试在 Tomcat 上使用 J9 JSSE。
这里的重点是让服务器和客户端使用相同的密码套件。
The following Cipher Suites are supported by the J9 JSSE implementation:
J9 JSSE and Provider Details
.
User thirdparty Open SSL on tomcat
SSL or TLS cipher suites names from the relevant specification and their OpenSSL equivalents
SSL v3.0 cipher suites.
AES ciphersuites from RFC3268, extending TLS v1.0
.
If possible, see if you can use Open SSL on IBM Websphere Everyplace Micro Environment JVM as well. If not then try using J9 JSSE on Tomcat.
Point here being to have server and client using same cipher suites.
您使用哪个 JDK 提供程序来运行 Apache Tomcat 服务器?如果您没有使用 IBM JDK,那么您可能想尝试使用它。这将确保客户端和服务器上的密码套件提供程序相同(IBM)。
http://www.ibm.com/developerworks/java/jdk/
<强>更新:
对于 Windows Mobile 6,您可以使用与 Tomcat 服务器相同的 JVM 提供程序吗?您使用哪个 JDK 提供程序来运行 Apache Tomcat 服务器?
Which JDK provider are you using for running Apache Tomcat server? If you are not using IBM JDK then you may want to try using that. This will ensure that cipher suite provider on both client and server is same (IBM).
http://www.ibm.com/developerworks/java/jdk/
Update:
Can you use same JVM provider as Tomcat Server, for Windows Mobile 6? Which JDK provider are you using for running Apache Tomcat server?
所以我得出的最终答案是切换到不同的 JVM。 IBM 提供的支持非常少,仅仅试图让某人向我们出售他们的 JVM 许可证就被证明是非常困难的。我猜他们只喜欢与大型组织打交道。
现在使用 Skelmir 的 CEE-J,到目前为止它更有前途。
So the ultimate answer I came to was to switch to a different JVM. Very little support available from IBM and just trying to get someone to sell us licences for their JVM was proving very difficult. I guess they only like to deal with huge organisations.
Now using CEE-J from Skelmir and so far it is a lot more promising.