EncryptedData.reset(data, false) is not implemented correct. It always tries to remove last byte number of padding bytes at the end. In fact, even in Java, only DES-related etypes append paddings that way, while 3DES uses all zero, and others does not pad at all.
The method is called in TLS's Kerberos ciphersuite after decrypting pre-master secret. The default etype now is DES-related. However, since DES is now abandoned by most vendors, the bug is likely to show up soon.
Furthermore, it's not interopable with other Kerberos implementations. At least Windows uses all zero for DES-related etypes.