"java.security.InvalidKeyException: Illegal key size at javax.crypto.Cipher" Call to Extenal Webservice Through HTTPS Fails
Applies to:
Oracle Service Bus - Version: 11.1.1.3.0 and later [Release: 11g and later ]
Information in this document applies to any platform.
Symptoms
When an Oracle Service Bus business service makes calls to an external webservice using basic HTTPS authentication, the call fails. Server log shows the following exception.
Exception:
java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at com.certicom.tls.provider.Cipher.init(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.createWriteCipher(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.changeCipherSpec(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:158)
at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:254)
at com.bea.wli.sb.transports.http.HttpOutboundMessageContext.setRequestPayload(HttpOutboundMessageContext.java:258)
at com.bea.wli.sb.transports.http.HttpOutboundMessageContext.send(HttpOutboundMessageContext.java:294)
at com.bea.wli.sb.transports.http.wls.HttpTransportProvider.sendMessageAsync(HttpTransportProvider.java:211)
at sun.reflect.GeneratedMethodAccessor859.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.wli.sb.transports.Util$1.invoke(Util.java:83)
Cause
The standard policy in JAVA does not support AES with 256 bit keys. This was mentioned in unpublished Bug 8530913
Solution
Due to the import restrictions of some countries, the jurisdiction policy
files distributed with the JDK software have built-in restrictions on available cryptographic strength.
By default , the AES 256 cryptographic algorithm does not work with the Jre/jdk Oracle Service Bus use. Inorder to make it work JCE Extension jars ( Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files) should be used for the JDK Security.
Steps:
1. Download JCE Extension jars from
http://java.sun.com/javase/downloads/index.jsp
(Under 'Additional resources' there is an 'Other downloads' section which has a link to the 'Java Cryptography Extension (JCE)).
2. Replace the two jars(US_export_policy.jar & local_policy.jar) in the /jre/lib/security directory.
3. Restart the servers for the changes to take effect.
If the issue still exists, please contact Oracle Global Software Support for further assistance.

Exception:
java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at com.certicom.tls.provider.Cipher.init(Unknown Source)
at com.certicom.tls.ciphersuite.SecurityParameters.createWriteCipher(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.changeCipherSpec(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:158)
at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:254)
at com.bea.wli.sb.transports.http.HttpOutboundMessageContext.setRequestPayload(HttpOutboundMessageContext.java:258)
at com.bea.wli.sb.transports.http.HttpOutboundMessageContext.send(HttpOutboundMessageContext.java:294)
at com.bea.wli.sb.transports.http.wls.HttpTransportProvider.sendMessageAsync(HttpTransportProvider.java:211)
at sun.reflect.GeneratedMethodAccessor859.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.wli.sb.transports.Util$1.invoke(Util.java:83)

http://java.sun.com/javase/downloads/index.jsp
（在'Additional resources'中有'Other downloads'选项，也可以下载JCE）