API Gateway: Error seen when using Encryption and/or Decryption assertions: "Cannot find any provider supporting RSA/NONE/OAEPPadding"

Article ID: 188354

Products

CA API Gateway
API SECURITY STARTER PACK-7

Issue/Introduction

The Encrypt XML Element and Decrypt XML Element assertions, which use SAML tokens, are failing with the following error:

Unable to encrypt elements(s): Cannot find any provider supporting RSA/NONE/OAEPPadding.  Exception caught!

Environment

API Gateway: 9.4

Cause

The root cause is concurrent requests using DH.

Resolution

Workaround: Disable the TLS_DHE_* ciphers.

:::INBOUND CALLS:::
(1) Go to Tasks > Transports > Manage Listen Ports
(2) Select port 8443
(3) Go to the SSL/TLS Setting tab
(4) Under Enabled Ciphers Suite, uncheck all of the TLS_DHE_* ciphers
(5) Click OK

:::OUTBOUND CALLS:::
(1) On the Gateway appliance, edit the following file: /opt/SecureSpan/JDK/jre/lib/security/java.security
(2) Look for the following line:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
(3) Replace it with:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH, \
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
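To confirm the outbound change took effect, the following added example (not part of the original article or the product) parses java.security, joins the backslash-continued lines, and checks that the effective jdk.tls.disabledAlgorithms value contains a bare DH entry rather than "DH keySize < 1024". The function names tls_disabled_entries and dh_fully_disabled are hypothetical helpers.

```shell
#!/bin/sh
# Added example: verify that jdk.tls.disabledAlgorithms disables DH outright.

# Print the effective jdk.tls.disabledAlgorithms entries, one per line.
# Joins backslash-continued lines and ignores commented-out definitions.
tls_disabled_entries() {
    awk '
        /^[ \t]*[#!]/ && !cont { next }            # comment outside a continued value
        {
            line = $0
            if (cont) sub(/^[ \t]+/, "", line)     # continuation: drop leading whitespace
            cont = (line ~ /\\$/)                  # trailing backslash => value continues
            sub(/\\$/, "", line)
            buf = buf line
            if (!cont) {
                if (buf ~ /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*[=:]/) {
                    sub(/^[^=:]*[=:][ \t]*/, "", buf)
                    value = buf                    # last definition in the file wins
                }
                buf = ""
            }
        }
        END {
            n = split(value, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] != "") print parts[i]
            }
        }
    ' "$1"
}

# Succeeds only when a bare "DH" entry is present. "DH keySize < 1024"
# still permits DHE suites with larger keys, so it does not count.
dh_fully_disabled() {
    tls_disabled_entries "$1" | grep -qx 'DH'
}

# Optional direct use: sh check_dh.sh /path/to/java.security
if [ -n "${1:-}" ]; then
    if dh_fully_disabled "$1"; then
        echo "OK: DH is fully disabled for outbound TLS"
    else
        echo "WARNING: DH is not fully disabled; current entries:"
        tls_disabled_entries "$1"
    fi
fi
```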