API Gateway: Error seen when using Encryption and/or Decryption assertions: "Cannot find any provider supporting RSA/NONE/OAEPPadding"
Article ID: 188354
CA API Gateway, API SECURITY, STARTER PACK-7
The Encrypt XML Element and Decrypt XML Element assertions, which use SAML tokens, are failing with the following error:
Unable to encrypt elements(s): Cannot find any provider supporting RSA/NONE/OAEPPadding. Exception caught!
API Gateway: 9.4
The root cause is concurrent requests using DH.
Workaround: Disable the TLS_DHE_* ciphers.
:::INBOUND CALLS:::
(1) Go to Tasks > Transports > Manage Listen Ports
(2) Select port 8443
(3) Go to the SSL/TLS Setting tab
(4) Under Enabled Ciphers Suite, uncheck all of the TLS_DHE_* ciphers
(5) Click OK
:::OUTBOUND CALLS:::
(1) On the Gateway appliance, edit the following file:
    /opt/SecureSpan/JDK/jre/lib/security/java.security
(2) Look for the following line:
    jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
        EC keySize < 224, 3DES_EDE_CBC, anon, NULL
(3) Replace it with:
    jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH, \
        EC keySize < 224, 3DES_EDE_CBC, anon, NULL
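
To confirm the outbound edit is actually present in the file, the check below (an added example, not part of the original article or the product) reads jdk.tls.disabledAlgorithms from a java.security file, joins backslash-continued lines, and reports whether DH is listed on its own rather than only as "DH keySize < 1024". The function names are hypothetical; the file path in the usage comment is the one given in step (1).

```shell
#!/bin/sh
# Added example: verify that jdk.tls.disabledAlgorithms disables DH outright.
# Usage: sh check_dh.sh /opt/SecureSpan/JDK/jre/lib/security/java.security

# Print the full value of jdk.tls.disabledAlgorithms on one line,
# joining "\" continuation lines. Commented-out copies are ignored
# because the pattern requires the key at the start of the line.
disabled_algs() {
    awk '
        !found && /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*=/ {
            found = 1
            sub(/^[^=]*=/, "")            # drop "key="
        }
        found {
            line = $0
            sub(/^[ \t]+/, "", line)      # leading blanks are not part of the value
            cont = sub(/\\[ \t]*$/, "", line)
            value = value line
            if (!cont) exit               # last physical line of the property
        }
        END { if (found) print value }
    ' "$1"
}

# Succeed only if one comma-separated entry is exactly "DH".
# "DH keySize < 1024" restricts weak keys only and does not count.
dh_fully_disabled() {
    disabled_algs "$1" | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -qx 'DH'
}

# Human-readable report: 0 = applied, 1 = not applied, 2 = unreadable file.
check_java_security() {
    if [ ! -r "$1" ]; then
        echo "cannot read $1"
        return 2
    fi
    if dh_fully_disabled "$1"; then
        echo "OK: DH is fully disabled in $1"
        return 0
    fi
    echo "NOT APPLIED: DH is not fully disabled in $1"
    return 1
}

if [ $# -gt 0 ]; then
    check_java_security "$1"
fi
```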