Support Article

SSLException SOAP service fails, WebSphere 8.5.5, JDK 1.6

SA-16099

Summary



A Pega deployment is upgraded from PRPC 6.2 to Pega 7.1.9. The SOAP service call fails to do the handshake of certificates. Other Java applications on the same WebSphere Application Server, however, make successful connections. This problem was reported for WebSphere Application Server 8.5.5 with JDK 1.6.


Error Messages



com.pega.pegarules.pub.services.ResourceUnavailableException: SOAP service failed
javax.net.ssl.SSLException: Invalid Padding length: 236
               at com.ibm.jsse2.o.a(o.java:26) 
               at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:340) 
               at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:57) 
               at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:675)

  

Steps to Reproduce

On WebSphere Application Server 8.5.5 with JDK 1.6, complete the following steps:
  1. Configure a Connect SOAP rule.
  2. Make the SOAP call by HTTPS.
  3. Use valid certificates and try to make a successful handshake. 


Root Cause



A third-party product issue 
A known issue with IBM JDK 1.6, described in APAR IV37333, was fixed in later versions.

Resolution



Perform the following local-change to the operating environment: 
  1. Upgrade to JDK 1.7.
  2. Encounter another SSLHandShake exception related to the TLS protocol version where the end-point only supports TLS 1.0.
  3. Bypass Step 8 of the invokeAxis2 activity as described in SA-14558 to resolve the issue in Step 2.
The problem is resolved by upgrading to JDK 1.7.

 

Published January 31, 2016 - Updated October 8, 2020

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.