SSLException: bad record MAC

he li
Added about 2 years ago

Hi,

An SSLException occurs when my Tigase XMPP Server creates the connection to the other one by s2s, but it successfully reconnects after dialback times out.

Could you help me? Thanks in advance.

Exception information is in the attachment.

Tigase version: 7.0.2

jre: 1.8+


Replies (7)

Added by Wojciech Kapcia TigaseTeam about 2 years ago

First of all - please paste stack traces in text form instead of images.

Does that happen with all s2s connections or only a single one? Does your server have a stable and reliable connection to such machine? It may happen

Which exact JRE are you using (Oracle? which exact version?)

Added by he li about 2 years ago

Thanks for the reply. The connection is stable and reliable. More information is as follows.

jre: oracle 1.8.0_92

exception:
javax.net.ssl.SSLException: bad record MAC
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728)
    at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:981)
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
    at tigase.io.TLSWrapper.unwrap(TLSWrapper.java:363)
    at tigase.io.TLSIO.decodeData(TLSIO.java:365)
    at tigase.io.TLSIO.read(TLSIO.java:209)
    at tigase.net.IOService.readData(IOService.java:1032)
    at tigase.xmpp.XMPPIOService.processSocketData(XMPPIOService.java:654)
    at tigase.net.IOService.call(IOService.java:252)
    at tigase.net.IOService.call(IOService.java:94)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.crypto.BadPaddingException: bad record MAC
    at sun.security.ssl.EngineInputRecord.decrypt(EngineInputRecord.java:238)
    at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:974)
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
    at tigase.io.TLSWrapper.unwrap(TLSWrapper.java:363)
    at tigase.io.TLSIO.decodeData(TLSIO.java:365)
    at tigase.io.TLSIO.read(TLSIO.java:209)
    at tigase.net.IOService.readData(IOService.java:1032)
    at tigase.xmpp.XMPPIOService.processSocketData(XMPPIOService.java:654)
    at tigase.net.IOService.call(IOService.java:252)
    at tigase.net.IOService.call(IOService.java:94)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

Added by Wojciech Kapcia TigaseTeam about 2 years ago

I was able to see the stack trace in the image - that was a comment for the future.

Could you:

  • share full logs;

  • try OpenJDK flavor of Java?

What operating system do you use?

Added by he li about 2 years ago

Firstly, I'm sorry that the Tigase version is 7.0.2 rather than 7.0.1.

My operating system is Red Hat Enterprise Linux Server 6.4.

More importantly, I get something odd from the log files by debugging Java SSL. I find that the server throws this SSLException every time the SSL connection is resumed.

The log information is in attachments.

Added by Wojciech Kapcia TigaseTeam about 2 years ago

Have you modified Tigase/Java configuration in any way (related to the cryptography/security)? Changed ciphers, enabled hardened mode, etc.?

Please also answer the previous question: Does your server have a stable and reliable connection to such machine?

Added by he li about 2 years ago

No, I have not. The connection is stable and reliable.

Added by Wojciech Kapcia TigaseTeam about 2 years ago

he li wrote:

The connection is stable and reliable.

I assume both servers are Tigase servers?

Where are those servers located (same or different locations)?

Are there other instances connecting to the mentioned server (and experiencing or not similar problems)?

Is there any Fw between those servers?

Please provide the exact version of Java you are using.

Please try OpenJDK version.
