Posted to server-dev@james.apache.org by "Ralf Hauser (JIRA)" <se...@james.apache.org> on 2005/07/21 07:28:45 UTC

[jira] Commented: (JAMES-350) POP SSL based on jdk1.5 fails with thunderbird ("Padding length invalid" or "Invalid SSLv3 padding")

    [ http://issues.apache.org/jira/browse/JAMES-350?page=comments#action_12316313 ] 

Ralf Hauser commented on JAMES-350:
-----------------------------------

More simple test cases and ideas for further diagnosis.

> Just did another test:
>   openssl s_client -connect bugs.privasphere.com:995 -cipher RC4-SHA 
> works while the next two do not work:
>   openssl s_client -connect bugs.privasphere.com:995 -cipher DHE-RSA-AES256-SHA
>   openssl s_client -connect bugs.privasphere.com:995 -cipher DES-CBC3-SHA
> 
> So according to your last mail, that would take the certificate out of 
> guilt.
> 
> How does one most easily know which of the ciphers are provided by BC and 
> which by others?
> 
From: David Hook [dgh@bund.com.au]
Sent: Wednesday, July 20, 2005 1:54 AM
To: hauser@acm.org
Subject: RE: TLS/DHE-RSA/AES256-CBC/SHA not working under jdk1.5
...
The certificate you attached certainly appears to be okay.

No idea on how to answer your question, it depends how the application using the provider is set up. It might be worth removing the BC provider and trying the Sun one first up. The other one is to try DES rather than triple DES - if that works then it sounds like a policy file issue.

The problem still sounds like the padding is incompatible though - it's pretty unlikely any of the implementations of DES that are around now are wrong. If the app was somehow thinking it was getting a TLS message when it was actually getting an SSLv3 message you'd see this error as well (as Nelson pointed out SSLv3 allows random pad bytes, if the other end was taking advantage of this then the trouble would start).
---------------
Has anybody on the mailing list tried to do SSL with jdk1.5? Can anybody confirm this bug or report complementary experiences?
Many thanks in advance

> POP SSL based on jdk1.5 fails with thunderbird ("Padding length invalid" or "Invalid SSLv3 padding")
> ----------------------------------------------------------------------------------------------------
>
>          Key: JAMES-350
>          URL: http://issues.apache.org/jira/browse/JAMES-350
>      Project: James
>         Type: Bug
>   Components: POP3Server
>     Versions: 2.2.0
>  Environment: debian sarge
>     Reporter: Ralf Hauser
>  Attachments: etherealDumps.zip
>
> related description for thunderbird in https://bugzilla.mozilla.org/show_bug.cgi?id=278499 (outlook and opera work nicely)
> DEBUG [default Worker #19] (JamesPOP3Handler.java:322) - Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Invalid padding
> javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Invalid padding
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1154)
>         at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65)
>         at java.io.BufferedInputStream.read1(BufferedInputStream.java:254)
>         at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
>         at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)
>         at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)
>         at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
>         at java.io.InputStreamReader.read(InputStreamReader.java:167)
>         at java.io.BufferedReader.fill(BufferedReader.java:136)
>         at java.io.BufferedReader.read(BufferedReader.java:157)
>         at org.apache.james.util.CRLFTerminatedReader.readLine(CRLFTerminatedReader.java:98)
>         at com.privasphere.privalope.mail.JamesPOP3Handler.readCommandLine(JamesPOP3Handler.java:485)
>         at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:309)
>         at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:417)
>         at org.apache.james.util.thread.ExecutableRunnable.execute(ExecutableRunnable.java:55)
>         at org.apache.james.util.thread.WorkerThread.run(WorkerThread.java:90)
> Caused by: javax.net.ssl.SSLHandshakeException: Invalid padding
>         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:774)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
>         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
>         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>         at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:410)
>         at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
>         at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
>         at java.io.BufferedWriter.flush(BufferedWriter.java:236)
>         at java.io.PrintWriter.flush(PrintWriter.java:270)
>         at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:90)
>         at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:187)
>         at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:301)
>         ... 3 more
> Caused by: javax.crypto.BadPaddingException: Invalid SSLv3 padding: 24
>         at com.sun.net.ssl.internal.ssl.CipherBox.removePadding(CipherBox.java:459)
>         at com.sun.net.ssl.internal.ssl.CipherBox.decrypt(CipherBox.java:290)
>         at com.sun.net.ssl.internal.ssl.InputRecord.decrypt(InputRecord.java:144)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:762)
>         ... 16 more
> in most cases, it fails at the same place with 
> Caused by: javax.crypto.BadPaddingException: Padding length invalid: 241
>  
> whereas that number is different every time!
> p.s.: No clue how much this is related to JAMES-301
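
The SSLv3/TLS padding difference raised in the quoted reply, as an added example that is not part of the original message and not code from the JDK, Bouncy Castle or James: a check written from the padding rules of the SSLv3 and TLS 1.0 specifications, run over constructed record plaintexts. The class name, method names and sample bytes are assumptions made for illustration.

```java
import java.util.Arrays;

// Added example: CBC record-padding checks written from the SSLv3 and TLS 1.0
// padding rules. Not code from the JDK, Bouncy Castle or James.
public class PaddingCheck {

    /** Returns "ok" if the padding is acceptable, otherwise the reason it is not. */
    static String check(byte[] plain, int blockSize, boolean tls) {
        if (plain.length == 0 || plain.length % blockSize != 0)
            return "record is not a whole number of cipher blocks";
        int pad = plain[plain.length - 1] & 0xff;   // last byte is padding_length
        if (pad + 1 > plain.length)
            return "padding length " + pad + " is longer than the record";
        if (tls) {
            // TLS 1.0: every padding byte must carry the padding_length value.
            for (int i = plain.length - 1 - pad; i < plain.length - 1; i++)
                if ((plain[i] & 0xff) != pad)
                    return "TLS pad byte " + (plain[i] & 0xff) + ", expected " + pad;
        } else if (pad >= blockSize) {
            // SSLv3: pad bytes are arbitrary, but padding_length must stay below
            // the cipher block size.
            return "SSLv3 padding length " + pad + " is not below block size " + blockSize;
        }
        return "ok";
    }

    /** Constructed 16-byte plaintext: filler data, then padBytes, then padding_length. */
    static byte[] record(int... padBytes) {
        byte[] rec = new byte[16];
        Arrays.fill(rec, (byte) 'A');
        int start = rec.length - 1 - padBytes.length;
        for (int i = 0; i < padBytes.length; i++) rec[start + i] = (byte) padBytes[i];
        rec[rec.length - 1] = (byte) padBytes.length;
        return rec;
    }

    public static void main(String[] args) {
        int blockSize = 8;                                     // DES and triple DES
        byte[] sslv3Style = record(0x5c, 0x11, 0xe0, 0x37);    // arbitrary pad bytes
        byte[] tlsStyle = record(4, 4, 4, 4);                  // pad bytes equal the length
        byte[] tlsLongPad = record(9, 9, 9, 9, 9, 9, 9, 9, 9); // TLS may pad past one block
        System.out.println("SSLv3-style as SSLv3:  " + check(sslv3Style, blockSize, false));
        System.out.println("SSLv3-style as TLS:    " + check(sslv3Style, blockSize, true));
        System.out.println("TLS-style as TLS:      " + check(tlsStyle, blockSize, true));
        System.out.println("TLS-style as SSLv3:    " + check(tlsStyle, blockSize, false));
        System.out.println("TLS long pad as TLS:   " + check(tlsLongPad, blockSize, true));
        System.out.println("TLS long pad as SSLv3: " + check(tlsLongPad, blockSize, false));
    }
}
```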
