Support Article
SSLException SOAP service fails, WebSphere 8.5.5, JDK 1.6
SA-16099
Summary
A Pega deployment is upgraded from PRPC 6.2 to Pega 7.1.9. The SOAP service call fails to do the handshake of certificates. Other Java applications on the same WebSphere Application Server, however, make successful connections. This problem was reported for WebSphere Application Server 8.5.5 with JDK 1.6.
Error Messages
com.pega.pegarules.pub.services.ResourceUnavailableException: SOAP service failed
javax.net.ssl.SSLException: Invalid Padding length: 236
at com.ibm.jsse2.o.a(o.java:26)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:340)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:57)
at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:675)
Steps to Reproduce
On WebSphere Application Server 8.5.5 with JDK 1.6, complete the following steps:- Configure a Connect SOAP rule.
- Make the SOAP call by HTTPS.
- Use valid certificates and try to make a successful handshake.
Root Cause
A third-party product issue
A known issue with IBM JDK 1.6, described in APAR IV37333, was fixed in later versions.
Resolution
Perform the following local-change to the operating environment:
- Upgrade to JDK 1.7.
- Encounter another SSLHandShake exception related to the TLS protocol version where the end-point only supports TLS 1.0.
- Bypass Step 8 of the invokeAxis2 activity as described in SA-14558 to resolve the issue in Step 2.
Published January 31, 2016 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.