javax.net.ssl.SSLException: bad record MAC -- HELP!

 
Jayes Herryl
Greenhorn
Posts: 7
I got this exception with SSL connection. Sometimes after the handshake completes and it stays connected for 5 mins, this exception happens and SSL connection is dropped.

I have a read method that takes the ByteBuffer inNetData, decrypts the data and puts to ByteBuffer inData.




The exception I got is:
javax.net.ssl.SSLException: bad record MAC
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:882)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)


Has anyone seen this problem and any idea what caused the exception?

Any help is appreciated!! Thanks!
 
Paddy Walsh
Greenhorn
Posts: 1
I am having exactly the same problem. I frequently lose connection because this happens at the client (and sometimes at the server). I have tried many things to attempt to cure but have no idea what the cause is. Did you ever find a resolution?
 
Henry Wong
author
Sheriff
Posts: 22861
Paddy Walsh wrote: I have tried many things to attempt to cure but have no idea what the cause is. Did you ever find a resolution?


Sorry for bumping an old topic, but I noticed that this was not really answered.

There is really little that you can do to debug the problem on the side of the network where this occurred. Basically, the other side could not authenticate the last message sent, and rejected it. The best way to check what is going on is to check the logs on the other side. If this is not an option... the only option is to configure the SSL sockets correctly, so that authentication works.

Interestingly, I have encountered this twice...

The first time it took a week to find the cause (mostly to figure out what was going on) -- which was some incompatibility with versions of SSL used. The fix was to limit the protocols. This can be done via the SSLSocket class (before you use it). You can get a list of protocols supported via the getSupportedProtocols() method, and then configure which protocols to use via the setEnabledProtocols() method.

The second time I encountered this, I did the same fix, and it did not work!! And what I originally quoted as taking only a few hours to fix took a week. This time it was some incompatibility with the encryption algorithm used. The fix was to limit the algorithms allowed. This can also be done via the SSLSocket class (before you use it). You can get a list of cipher algorithms supported via the getSupportedCipherSuites() method, and then configure which algorithms are allowed via the setEnabledCipherSuites() method.

Henry
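
The fix described in the post above, as an added example that is not part of the original thread: it limits an SSLSocket to an allow-list of protocols and cipher suites before the socket is used, keeping only names the local provider supports. The class name `RestrictTls`, the helpers `intersect` and `restrict`, and the allow-list contents are assumptions for illustration; the real lists have to match what the peer supports.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class RestrictTls {
    // Assumed allow-lists for illustration; agree on the real values with the peer.
    static final List<String> PROTOCOLS = Arrays.asList("TLSv1.3", "TLSv1.2");
    static final List<String> SUITES = Arrays.asList(
        "TLS_AES_128_GCM_SHA256",
        "TLS_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");

    // Keep only the wanted names this provider supports: the setEnabled* methods
    // throw IllegalArgumentException on a name the socket does not support.
    static String[] intersect(List<String> wanted, String[] supported, String what) {
        List<String> available = Arrays.asList(supported);
        List<String> kept = new ArrayList<>();
        for (String name : wanted) {
            if (available.contains(name)) kept.add(name);
        }
        if (kept.isEmpty()) {
            // Fail loudly instead of silently falling back to the defaults.
            throw new IllegalStateException("no allowed " + what + " supported by this JRE");
        }
        return kept.toArray(new String[0]);
    }

    static void restrict(SSLSocket socket) {
        socket.setEnabledProtocols(intersect(PROTOCOLS, socket.getSupportedProtocols(), "protocol"));
        socket.setEnabledCipherSuites(intersect(SUITES, socket.getSupportedCipherSuites(), "cipher suite"));
    }

    public static void main(String[] args) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // Unconnected socket: configure first, then connect() and startHandshake().
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            restrict(socket);
            System.out.println("protocols: " + Arrays.toString(socket.getEnabledProtocols()));
            System.out.println("suites:    " + Arrays.toString(socket.getEnabledCipherSuites()));
        }
    }
}
```

SSLEngine, which the original poster's stack trace shows in use, exposes the same four methods, so the same intersection can be applied to an engine before the handshake begins.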
 