Win a copy of Python Continuous Integration and Delivery this week in the Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Paul Clapham
  • Jeanne Boyarsky
Sheriffs:
  • Devaka Cooray
  • Junilu Lacar
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Ron McLeod
  • Tim Holloway
  • Claude Moore
  • Stephan van Hulst
Bartenders:
  • Winston Gutkowski
  • Carey Brown
  • Frits Walraven

javax.net.ssl.SSLException: bad record MAC -- HELP!  RSS feed

 
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I got this exception with SSL connection. Sometimes after the handshake completes and it stays connected for 5 mins, this exception happens and SSL connection is dropped.

I have a read method that takes the ByteBuffer inNetData, decrypts the data and puts to ByteBuffer inData.




The exception I got is:
javax.net.ssl.SSLException: bad record MAC
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)i
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:882)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)


Has anyone seen this problem and any idea what caused the exception?

Any help is appreciated!! Thanks!
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am having exactly the same problem. I frequently lose connection because this happens at the client (and sometimes at the server). I have tried many things to attempt to cure but have no idea what the cause is. Did you ever find a resolution?
 
author
Posts: 23816
140
C++ Chrome Eclipse IDE Firefox Browser Java jQuery Linux VI Editor Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Paddy Walsh wrote:I have tried many things to attempt to cure but have no idea what the cause is. Did you ever find a resolution?



Sorry for bumping an old topic, but I noticed that this was not really answered.

There is really little that you can do to debug the problem on the side of the network that this occured. Basically, the other side could not authenticate the last message sent, and rejected it. The best way to check what is going on is to check the logs on the other side. If this is not an option... the only option is to configure the SSL sockets correctly, so that authentication works.

Interestingly, I have encountered this twice...

The first time it took a week to find the cause (mostly to figure out what was going on) -- which was some incompatibility with versions of SSL used. The fix was to limit the protocols. This can be done via the SSLSocket class (before you use it). You can get a list of protocols supported via the getSupportedProtocols() method, and then configure which protocols to use via the setEnabledProtocols() method.

The second time I encountered this, I did the same fix, and it did not work !! And what I originally quoted as taking only a few hours to fix took a week. This time it was some incompatibility with the encryption algorithm used. The fix was to limit the algorithms allowed. This can also be done via the SSLSocket class (before you use it). You can get a list of cipher algorithms supported via the getSupportedCipherSuites() method, and then configure which algorithms are allowed via the setEnabledCipherSuites() method.

Henry
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!