JDK-8013059 : Diffie Hellman occasionally results in " invalid padding " exception
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • Submitted: 2013-04-04
  • Updated: 2013-10-25
  • Resolved: 2013-10-25
Related Reports
Duplicate :  
JDK-8014618 - Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement
Description
FULL PRODUCT VERSION :
java version  " 1.7.0_10 " 
Java(TM) SE Runtime Environment (build 1.7.0_10-b18)
Java HotSpot(TM) 64-Bit Server VM (build 23.6-b04, mixed mode)

Confirmed this on _15 as well.

ADDITIONAL OS VERSION INFORMATION :
Linux host1 2.6.32-279.1.1.el6.x86_64 #1 SMP Tue Jul 10 13:47:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux


A DESCRIPTION OF THE PROBLEM :
When negotiation using DHE with TLS, occasionally the  " server "  side of the exchange will incorrectly handle data being received relating to the padding and believe instead that the data is corrupt.

This will cause the connection to be dropped.

See: https://forums.oracle.com/forums/thread.jspa?threadID=2504695
See: https://forums.oracle.com/forums/thread.jspa?threadID=1531782




STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Step by step process (including sample code) is described in the above links.


REPRODUCIBILITY :
This bug can be reproduced often.

CUSTOMER SUBMITTED WORKAROUND :
In order to have reliable TLS handshakes, Diffie Hellman key exchanges must be disabled.