I got this exception with SSL connection. Sometimes after the handshake completes and it stays connected for 5 mins, this exception happens and SSL connection is dropped.
I have a read method that takes the ByteBuffer inNetData, decrypts the data and puts to ByteBuffer inData.
The exception I got is:
javax.net.ssl.SSLException: bad record MAC
Has anyone seen this problem and any idea what caused the exception?
I am having exactly the same problem. I frequently lose connection because this happens at the client (and sometimes at the server). I have tried many things to attempt to cure but have no idea what the cause is. Did you ever find a resolution?
Paddy Walsh wrote:I have tried many things to attempt to cure but have no idea what the cause is. Did you ever find a resolution?
Sorry for bumping an old topic, but I noticed that this was not really answered.
There is really little that you can do to debug the problem on the side of the network that this occured. Basically, the other side could not authenticate the last message sent, and rejected it. The best way to check what is going on is to check the logs on the other side. If this is not an option... the only option is to configure the SSL sockets correctly, so that authentication works.
Interestingly, I have encountered this twice...
The first time it took a week to find the cause (mostly to figure out what was going on) -- which was some incompatibility with versions of SSL used. The fix was to limit the protocols. This can be done via the SSLSocket class (before you use it). You can get a list of protocols supported via the getSupportedProtocols() method, and then configure which protocols to use via the setEnabledProtocols() method.
The second time I encountered this, I did the same fix, and it did not work !! And what I originally quoted as taking only a few hours to fix took a week. This time it was some incompatibility with the encryption algorithm used. The fix was to limit the algorithms allowed. This can also be done via the SSLSocket class (before you use it). You can get a list of cipher algorithms supported via the getSupportedCipherSuites() method, and then configure which algorithms are allowed via the setEnabledCipherSuites() method.