[ http://issues.apache.org/jira/browse/JAMES-350?page=comments#action_12316313 ]

Ralf Hauser commented on JAMES-350:
-----------------------------------

more simple test cases and ideas for further diagnosis.

> Just did another test:
>   openssl s_client -connect bugs.privasphere.com:995 -cipher RC4-SHA
> works while the next two do not work:
>   openssl s_client -connect bugs.privasphere.com:995 -cipher DHE-RSA-AES256-SHA
>   openssl s_client -connect bugs.privasphere.com:995 -cipher DES-CBC3-SHA
> 
> So according to your last mail, that would take the certificate out of 
> guilt.
> 
> How does one easiest know which of the ciphers are provided by BC and 
> which by others?
> 
From: David Hook [EMAIL PROTECTED]
Sent: Wednesday, July 20, 2005 1:54 AM
To: [EMAIL PROTECTED]
Subject: RE: TLS/DHE-RSA/AES256-CBC/SHA not working under jdk1.5
...
The certificate you attached certainly appears to be okay.

No idea on how to answer your question, it depends how the application using 
the provider is set up. It might be worth removing the BC provider and trying 
the Sun one first up. The other one is to try DES rather than triple DES - if that 
works then it sounds like a policy file issue.

The problem still sounds like the padding is incompatible though - it's pretty 
unlikely any of the implementations of DES that are around now are wrong. If 
the app was somehow thinking it was getting a TLS message when it was actually 
getting an SSLv3 message you'd see this error as well (as Nelson pointed out 
SSLv3 allows random pad bytes, if the other end was taking advantage of this 
then the trouble would start).
---------------
Has anybody on the mailing list tried to do SSL with jdk1.5? Can anybody 
confirm this bug or report complementary experiences?
Many thanks in advance

> POP SSL based on jdk1.5 fails with thunderbird ("Padding length invalid" or 
> "Invalid SSLv3 padding")
> ----------------------------------------------------------------------------------------------------
>
>          Key: JAMES-350
>          URL: http://issues.apache.org/jira/browse/JAMES-350
>      Project: James
>         Type: Bug
>   Components: POP3Server
>     Versions: 2.2.0
>  Environment: debian sarge
>     Reporter: Ralf Hauser
>  Attachments: etherealDumps.zip
>
> related description for thunderbird in 
> https://bugzilla.mozilla.org/show_bug.cgi?id=278499 (outlook and opera work 
> nicely)
> DEBUG [default Worker #19] (JamesPOP3Handler.java:322) - Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Invalid padding
> javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Invalid padding
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1154)
>         at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65)
>         at java.io.BufferedInputStream.read1(BufferedInputStream.java:254)
>         at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
>         at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)
>         at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)
>         at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
>         at java.io.InputStreamReader.read(InputStreamReader.java:167)
>         at java.io.BufferedReader.fill(BufferedReader.java:136)
>         at java.io.BufferedReader.read(BufferedReader.java:157)
>         at org.apache.james.util.CRLFTerminatedReader.readLine(CRLFTerminatedReader.java:98)
>         at com.privasphere.privalope.mail.JamesPOP3Handler.readCommandLine(JamesPOP3Handler.java:485)
>         at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:309)
>         at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:417)
>         at org.apache.james.util.thread.ExecutableRunnable.execute(ExecutableRunnable.java:55)
>         at org.apache.james.util.thread.WorkerThread.run(WorkerThread.java:90)
> Caused by: javax.net.ssl.SSLHandshakeException: Invalid padding
>         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:774)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
>         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
>         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>         at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:410)
>         at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
>         at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
>         at java.io.BufferedWriter.flush(BufferedWriter.java:236)
>         at java.io.PrintWriter.flush(PrintWriter.java:270)
>         at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:90)
>         at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:187)
>         at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:301)
>         ... 3 more
> Caused by: javax.crypto.BadPaddingException: Invalid SSLv3 padding: 24
>         at com.sun.net.ssl.internal.ssl.CipherBox.removePadding(CipherBox.java:459)
>         at com.sun.net.ssl.internal.ssl.CipherBox.decrypt(CipherBox.java:290)
>         at com.sun.net.ssl.internal.ssl.InputRecord.decrypt(InputRecord.java:144)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:762)
>         ... 16 more
> in most cases, it fails at the same place with 
> Caused by: javax.crypto.BadPaddingException: Padding length invalid: 241
>  
> whereas that number is different every time!
> p.s.: No clue how much this is related to JAMES-301
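
The SSLv3/TLS padding mismatch raised in the quoted reply above, as an added example that is not part of the original thread and is not James, JSSE or Bouncy Castle code. It follows the CBC padding rules of the SSLv3 and TLS 1.0 record layers for an 8-byte (DES/3DES) block; the function names, the filler byte and the sample record bodies are constructed for illustration, the result strings are only modelled on the messages in the report, and MAC and encryption are left out.

```python
BLOCK = 8  # DES / 3DES CBC block size in bytes


def pad_tls(data, extra_blocks=0, block=BLOCK):
    """TLS 1.0: every pad byte equals pad_len; up to 255 pad bytes allowed."""
    pad_len = (-(len(data) + 1)) % block + extra_blocks * block
    if pad_len > 255:
        raise ValueError("TLS padding length must fit in one byte")
    return data + bytes([pad_len]) * (pad_len + 1)


def pad_sslv3(data, filler=0xA5, block=BLOCK):
    """SSLv3: minimal padding, pad bytes arbitrary (constructed filler here)."""
    pad_len = (-(len(data) + 1)) % block
    return data + bytes([filler]) * pad_len + bytes([pad_len])


def check_padding(plain, version, block=BLOCK):
    """Return 'ok' or the reason a receiver speaking `version` rejects it."""
    if not plain or len(plain) % block:
        return "record is not a whole number of blocks"
    pad_len = plain[-1]
    if pad_len + 1 > len(plain):
        return f"padding length invalid: {pad_len}"
    if version == "SSLv3":
        # SSLv3 ignores pad content but limits padding to less than one block.
        return "ok" if pad_len < block else f"invalid SSLv3 padding: {pad_len}"
    # TLS checks every pad byte against the length byte.
    pad = plain[-(pad_len + 1):-1]
    return "ok" if all(b == pad_len for b in pad) else "invalid TLS padding"


def demo():
    body = b"+OK Hello there"                  # constructed 15-byte record body
    tls_long = pad_tls(body, extra_blocks=3)   # pad_len 24, legal in TLS only
    v3 = pad_sslv3(body + b"!")                # pad_len 7 with filler bytes
    oversize = bytes(39) + bytes([241])        # length byte exceeds the record
    return {
        "tls_long/TLS": check_padding(tls_long, "TLS"),
        "tls_long/SSLv3": check_padding(tls_long, "SSLv3"),
        "v3/SSLv3": check_padding(v3, "SSLv3"),
        "v3/TLS": check_padding(v3, "TLS"),
        "oversize/TLS": check_padding(oversize, "TLS"),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:15} {verdict}")
```

A record that is valid under one protocol version's rules is rejected under the other's, in both directions, so the first thing to confirm in a capture is that both ends agree on the negotiated version.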
