james-server-dev mailing list archives

From "Ralf Hauser (JIRA)" <server-...@james.apache.org>
Subject [jira] Commented: (JAMES-350) POP SSL based on jdk1.5 fails with thunderbird ("Padding length invalid" or "Invalid SSLv3 padding")
Date Thu, 21 Jul 2005 05:28:45 GMT
    [ http://issues.apache.org/jira/browse/JAMES-350?page=comments#action_12316313 ] 

Ralf Hauser commented on JAMES-350:

more simple test cases and ideas for further diagnosis.

> Just did another test:
>   openssl s_client -connect bugs.privasphere.com:995 -cipher RC4-SHA 
> works while the next two do not work:
>   openssl s_client -connect bugs.privasphere.com:995 -cipher 
>   openssl s_client -connect bugs.privasphere.com:995 -cipher DES-CBC3- 
> So according to your last mail, that would take the certificate out of 
> guilt.
> How does one easiest know which of the ciphers are provided by BC and 
> which by others?
From: David Hook [dgh@bund.com.au]
Sent: Wednesday, July 20, 2005 1:54 AM
To: hauser@acm.org
Subject: RE: TLS/DHE-RSA/AES256-CBC/SHA not working under jdk1.5
The certificate you attached certainly appears to be okay.

No idea on how to answer your question, it depends how the application using the provider
is set up. It might be worth removing the BC provider and trying the Sun one first up. The
other one is try DES rather than triple DES - if that works then it sounds like a policy file

The problem still sounds like the padding is incompatible though - it's pretty unlikely any
of the implementations of DES that are around now are wrong. If the app was somehow thinking
it was getting a TLS message when it was actually getting an SSLv3 message you'd see this
error as well (as nelson pointed out SSLv3 allows random pad bytes, if the other end was taking
advantage of this then the trouble would start).
Has anybody on the mailing list tried to do SSL with jdk1.5? Can anybody confirm this bug
or report complementary experiences?
Many thanks in advance

> POP SSL based on jdk1.5 fails with thunderbird ("Padding length invalid" or "Invalid SSLv3 padding")
> ----------------------------------------------------------------------------------------------------
>          Key: JAMES-350
>          URL: http://issues.apache.org/jira/browse/JAMES-350
>      Project: James
>         Type: Bug
>   Components: POP3Server
>     Versions: 2.2.0
>  Environment: debian sarge
>     Reporter: Ralf Hauser
>  Attachments: etherealDumps.zip
> related description for thunderbird in https://bugzilla.mozilla.org/show_bug.cgi?id=278499 (outlook and opera work nicely)
> DEBUG [default Worker #19] (JamesPOP3Handler.java:322) - Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Invalid padding
> javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Invalid padding
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1154)
>         at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65)
>         at java.io.BufferedInputStream.read1(BufferedInputStream.java:254)
>         at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
>         at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)
>         at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)
>         at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
>         at java.io.InputStreamReader.read(InputStreamReader.java:167)
>         at java.io.BufferedReader.fill(BufferedReader.java:136)
>         at java.io.BufferedReader.read(BufferedReader.java:157)
>         at org.apache.james.util.CRLFTerminatedReader.readLine(CRLFTerminatedReader.java:98)
>         at com.privasphere.privalope.mail.JamesPOP3Handler.readCommandLine(JamesPOP3Handler.java:485)
>         at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:309)
>         at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:417)
>         at org.apache.james.util.thread.ExecutableRunnable.execute(ExecutableRunnable.java:55)
>         at org.apache.james.util.thread.WorkerThread.run(WorkerThread.java:90)
> Caused by: javax.net.ssl.SSLHandshakeException: Invalid padding
>         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:774)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
>         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
>         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>         at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:410)
>         at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
>         at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
>         at java.io.BufferedWriter.flush(BufferedWriter.java:236)
>         at java.io.PrintWriter.flush(PrintWriter.java:270)
>         at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:90)
>         at org.apache.james.util.InternetPrintWriter.println(InternetPrintWriter.java:187)
>         at com.privasphere.privalope.mail.JamesPOP3Handler.handleConnection(JamesPOP3Handler.java:301)
>         ... 3 more
> Caused by: javax.crypto.BadPaddingException: Invalid SSLv3 padding: 24
>         at com.sun.net.ssl.internal.ssl.CipherBox.removePadding(CipherBox.java:459)
>         at com.sun.net.ssl.internal.ssl.CipherBox.decrypt(CipherBox.java:290)
>         at com.sun.net.ssl.internal.ssl.InputRecord.decrypt(InputRecord.java:144)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:762)
>         ... 16 more
> in most cases, it fails at the same place with 
> Caused by: javax.crypto.BadPaddingException: Padding length invalid: 241
> whereas that number is different every time!
> p.s.: No clue how much this is related to JAMES-301

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
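
The reply quoted in this message points at the difference between SSLv3 and TLS CBC padding. The sketch below is an added example, not part of the original message and not JSSE, Bouncy Castle or James code; it applies the padding rules of RFC 6101 (SSLv3) and RFC 2246 (TLS 1.0) to two constructed records, and all function names and sample bytes are assumptions made for illustration.

```python
# Added illustration; not JSSE, Bouncy Castle or James code.
# SSLv3 (RFC 6101): last byte is the pad length, which must be smaller than the
#   cipher block size; the pad bytes themselves may hold anything.
# TLS 1.0 (RFC 2246): pad length may be up to 255, and every pad byte must
#   equal the pad length.

def build_record(payload, block, proto, extra_blocks=0):
    """Append protocol-style CBC padding to a constructed plaintext record."""
    pad_len = -(len(payload) + 1) % block        # minimum padding to fill the block
    if proto == "tls":
        pad_len += extra_blocks * block          # TLS senders may add whole blocks
        if pad_len > 255:
            raise ValueError("TLS padding is limited to 255 bytes")
        padding = bytes([pad_len]) * pad_len
    else:
        padding = b"\xa5" * pad_len              # constructed stand-in for arbitrary bytes
    return payload + padding + bytes([pad_len])

def strip_sslv3(record, block):
    pad_len = record[-1]
    if pad_len >= block or pad_len + 1 > len(record):
        raise ValueError(f"SSLv3 rule: pad length {pad_len} not below block size {block}")
    return record[:-(pad_len + 1)]

def strip_tls(record, block):
    pad_len = record[-1]
    if pad_len + 1 > len(record):
        raise ValueError(f"TLS rule: pad length {pad_len} exceeds record")
    if any(b != pad_len for b in record[-(pad_len + 1):-1]):
        raise ValueError("TLS rule: pad bytes differ from pad length")
    return record[:-(pad_len + 1)]

def accepts(strip, record, block):
    """True when the given parser accepts the record's padding."""
    try:
        strip(record, block)
        return True
    except ValueError:
        return False

MAC = bytes(20)   # constructed stand-in for a SHA-1 record MAC
BLOCK = 8         # DES / 3DES block size
# TLS-style record with three extra pad blocks: pad length 24 (illustrative value)
tls_rec = build_record(b"+OK POP3 ready...\r\n" + MAC, BLOCK, "tls", extra_blocks=3)
# SSLv3-style record with 3 arbitrary pad bytes
ssl_rec = build_record(b"+OK POP3 ready\r\n" + MAC, BLOCK, "sslv3")

if __name__ == "__main__":
    for name, rec in (("tls_rec", tls_rec), ("ssl_rec", ssl_rec)):
        print(name, "pad", rec[-1], "sslv3 parser:", accepts(strip_sslv3, rec, BLOCK),
              "tls parser:", accepts(strip_tls, rec, BLOCK))
```

Each record is accepted only by the parser for its own protocol version, which is how a version mix-up between peers surfaces as a padding error even when the cipher and certificate are fine. A production implementation performs these checks in constant time and reports padding and MAC failures identically.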
