API Gateway: Error seen when using Encryption and/or Decryption assertions: "Cannot find any provider supporting RSA/NONE/OAEPPadding"
Article ID: 188354
Updated On:
Products
CA API Gateway
API SECURITY
STARTER PACK-7
Issue/Introduction
The Encrypt XML Element and Decrypt XML Element assertions, that use SAML tokens, are failing with the following error:
Unable to encrypt elements(s): Cannot find any provider supporting RSA/NONE/OAEPPadding. Exception caught!
Environment
API Gateway: 9.4
Cause
The root cause is concurrent requests using DH.
Resolution
Workaround: Disable the TLS_DHE_* ciphers.
:::INBOUND CALLS:::
(1) Go to Tasks > Transports > Manage Listen Ports
(2) Select port 8443
(3) Go to the SSL/TLS Setting tab
(4) Under Enabled Ciphers Suite, uncheck all of the TLS_DHE_* ciphers
(5) Click OK
:::OUTBOUND CALLS:::
(1) On the Gateway appliance, edit the following file: /opt/SecureSpan/JDK/jre/lib/security/java.security
(2) Look for the following line:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL
(3) Replace it with:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL
:::INBOUND CALLS:::
(1) Go to Tasks > Transports > Manage Listen Ports
(2) Select port 8443
(3) Go to the SSL/TLS Setting tab
(4) Under Enabled Ciphers Suite, uncheck all of the TLS_DHE_* ciphers
(5) Click OK
:::OUTBOUND CALLS:::
(1) On the Gateway appliance, edit the following file: /opt/SecureSpan/JDK/jre/lib/security/java.security
(2) Look for the following line:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL
(3) Replace it with:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL
Feedback
Yes
No
Powered by
