How to fix intermittent HTTP/SSL failure (padding exception)

A bug in the Oracle Java Development Kit (JDK) affects connections that use Secure Sockets Layer (SSL) certificates. Occasionally the SSL handshake fails during Diffie-Hellman key exchange and the connection hangs. This article describes the issue in detail and available workarounds.

Note: This issue has been fixed in Java 7 update 67 (JDK 7u67) or greater and Java 8 update 20 (JDK 8u20) or greater.


The following incorrect padding error can occur during Diffie-Hellman calculations:
javax.crypto.BadPaddingException: Invalid TLS padding
This issue doesn't happen frequently during normal usage of SSL. When it does occur, only one SSL connection fails and other SSL connections aren't affected. If the client disconnects and then reconnects over SSL, the new connection may work properly.

Affected protocols


HTTPS and RTMPTS are non-persistent protocols. This means that players make a new connection every few seconds to retrieve a stream. The new connections could be affected.


RTMPS is a persistent protocol. This means that players make just one connection for the entire streaming session. RTMPS is affected only if the initial SSL handshake fails. New connections are most likely not affected.
Note: Some Adobe Flash players connect using RTMPTS even if RTMPS is specified in the connection URL. This happens because the Flash NetConnection API defaults to RTMPTS. The default can be changed to use RTMPS by setting the NetConnection.proxyType to "best" before the connect method is called.
var nc:NetConnection = new NetConnection();
nc.proxyType = "best";


This bug is known to Oracle and is tracked in their bug database. See JDK-8013059: Diffie Hellman occasionally results in "invalid padding" exception. Use one of the following solutions:

OpenJDK (Linux only)

Linux users can switch to the OpenJDK, which doesn't exhibit this behavior. For more information about how to install OpenJDK, see How to download and install prebuilt OpenJDK packages. For more information about how to install OpenJDK, see How to download and install prebuilt OpenJDK packages.

Bouncy Castle JCE (all platforms)

The second, more involved, option is to switch to the Bouncy Castle JCE:
  1. Locate your Java installation directory ([java-dir]).
  2. Copy [install-dir]/lib/bcprov-ext-jdk15on-147.jar to [java-dir]/jre/lib/ext.
  3. Open the [java-dir]/jre/security/ file in a text editor and locate the List of providers section:
    1. Add the following provider to the list as the second entry:
    2. Re-number the providers in the list in ascending order. The list should look something like this:
Note: After the server is started, the Bouncy Castle JCE implementation may be very slow on the first HTTPS/SSL connection. This should only happen on the first connection.

Updated: For Java 7 update 67 (7u67) and Java 8 update 20 (8u20) on 09-26-2014.

If you're having problems or want to discuss this article, post in our forum.