SAP Knowledge Base Article - Preview

2881916 - Unable to encrypt SSL message: java.security.InvalidKeyException: Illegal key size

Symptom

When executing some application call that uses IAIK SSL for https you receive sample error:

Exception caught by adapter framework: java.io.IOException: Failed to get the input stream from socket: java.io.IOException: Fatal SSL handshake error: java.lang.RuntimeException: Unable to create cipher AES/CBC/NoPadding: java.security.InvalidKeyException: Illegal key size#
com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: java.io.IOException: Fatal SSL handshake error: java.lang.RuntimeException: Unable to create cipher AES/CBC/NoPadding: java.security.InvalidKeyException: Illegal key size
#BC-JAS-COR#kernel.sda#C0000A8E2408001700000005000056E6#95152750000009686##com.sap.engine.core.service630.container.ContainerObjectRegistry#209f8b0e37ac11eab70d000005abea6e0#Service Stopper [com.adobe~DocumentServicesBinariesSSL2]#Plain##
Service interface for service com.adobe~DocumentServicesBinariesSSL2 is not registered in registry and cannot be removed.#
Failed to get the input stream from socket: iaik.security.ssl.SSLException: Unable to encrypt SSL message: java.security.InvalidKeyException: Illegal key size
iaik.security.ssl.SSLException: Unable to encrypt SSL message: java.security.InvalidKeyException: Illegal key size
at iaik.security.ssl.SSLTransport.startHandshake(SourceFile:571)
at iaik.security.ssl.SSLTransport.getInputStream(SourceFile:658)
at iaik.security.ssl.SSLSocket.getInputStream(SourceFile:395)
java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLException: Unable to encrypt SSL message: java.security.InvalidKeyException: Illegal key size

the above example comes from Adobe Document Services application but can some in any application using https. There might be a different cipher suite in the error. Possibly the following notes have been implemented for TLS1.2, ECDHE cipher suite support, SHA384withRSA and SHA512withRSA. Additionally SSLContext.properites file might be configured to handle custom cipher suites that the vendor system allows:

2284059 - Update of SSL library within NW Java server

2540433 - Update of SSL library within NW Java server

2708581 - ECC Support for Outbound Connections in SAP NW AS Java


Read more...

Environment

SAP NetWeaver Composition Environment 7.1
SAP enhancement package 1 for SAP NetWeaver Composition Environment 7.1
SAP NetWeaver Composition Environment 7.2
SAP NetWeaver 7.3
SAP enhancement package 1 for SAP NetWeaver 7.3
SAP NetWeaver 7.4
SAP NetWeaver 7.5

Product

SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP NetWeaver Application Server for Java 7.1 ; SAP NetWeaver Application Server for Java 7.2 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 1 for SAP NetWeaver Application Server for Java 7.1

Keywords

mandatory, ciphersuite, ciphersuites, custom , KBA , BC-JAS-SEC-CPG , Cryptography , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.