Symptom
When executing some application call that uses IAIK SSL for https you receive sample error:
Exception caught by adapter framework: java.io.IOException: Failed to get the input stream from socket: java.io.IOException: Fatal SSL handshake error: java.lang.RuntimeException: Unable to create cipher AES/CBC/NoPadding: java.security.InvalidKeyException: Illegal key size#
com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: java.io.IOException: Fatal SSL handshake error: java.lang.RuntimeException: Unable to create cipher AES/CBC/NoPadding: java.security.InvalidKeyException: Illegal key size
#BC-JAS-COR#kernel.sda#C0000A8E2408001700000005000056E6#95152750000009686##com.sap.engine.core.service630.container.ContainerObjectRegistry#209f8b0e37ac11eab70d000005abea6e0#Service Stopper [com.adobe~DocumentServicesBinariesSSL2]#Plain##
Service interface for service com.adobe~DocumentServicesBinariesSSL2 is not registered in registry and cannot be removed.#
Failed to get the input stream from socket: iaik.security.ssl.SSLException: Unable to encrypt SSL message: java.security.InvalidKeyException: Illegal key size
iaik.security.ssl.SSLException: Unable to encrypt SSL message: java.security.InvalidKeyException: Illegal key size
at iaik.security.ssl.SSLTransport.startHandshake(SourceFile:571)
at iaik.security.ssl.SSLTransport.getInputStream(SourceFile:658)
at iaik.security.ssl.SSLSocket.getInputStream(SourceFile:395)
java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLException: Unable to encrypt SSL message: java.security.InvalidKeyException: Illegal key size
the above example comes from Adobe Document Services application but can some in any application using https. There might be a different cipher suite in the error. Possibly the following notes have been implemented for TLS1.2, ECDHE cipher suite support, SHA384withRSA and SHA512withRSA. Additionally SSLContext.properites file might be configured to handle custom cipher suites that the vendor system allows:
2284059 - Update of SSL library within NW Java server
2540433 - Update of SSL library within NW Java server
2708581 - ECC Support for Outbound Connections in SAP NW AS Java
Read more...
Environment
SAP NetWeaver Composition Environment 7.1
SAP enhancement package 1 for SAP NetWeaver Composition Environment 7.1
SAP NetWeaver Composition Environment 7.2
SAP NetWeaver 7.3
SAP enhancement package 1 for SAP NetWeaver 7.3
SAP NetWeaver 7.4
SAP NetWeaver 7.5
Product
Keywords
mandatory, ciphersuite, ciphersuites, custom , KBA , BC-JAS-SEC-CPG , Cryptography , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.