This week's book giveaway is in the Cloud/Virtualization forum.
We're giving away four copies of Learning OpenStack Networking: Build a solid foundation in virtual networking technologies for OpenStack-based clouds and have James Denton on-line!
See this thread for details.
Win a copy of Learning OpenStack Networking: Build a solid foundation in virtual networking technologies for OpenStack-based clouds this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Knute Snortum
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Ganesh Patekar
  • Stephan van Hulst
  • Pete Letkeman
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Ron McLeod
  • Vijitha Kumara

javax.net.ssl.SSLException: bad record MAC -- HELP!  RSS feed

 
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I got this exception with SSL connection. Sometimes after the handshake completes and it stays connected for 5 mins, this exception happens and SSL connection is dropped.

I have a read method that takes the ByteBuffer inNetData, decrypts the data and puts to ByteBuffer inData.




The exception I got is:
javax.net.ssl.SSLException: bad record MAC
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)i
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:882)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)


Has anyone seen this problem and any idea what caused the exception?

Any help is appreciated!! Thanks!
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am having exactly the same problem. I frequently lose connection because this happens at the client (and sometimes at the server). I have tried many things to attempt to cure but have no idea what the cause is. Did you ever find a resolution?
 
author
Sheriff
Posts: 23586
138
C++ Chrome Eclipse IDE Firefox Browser Java jQuery Linux VI Editor Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Paddy Walsh wrote:I have tried many things to attempt to cure but have no idea what the cause is. Did you ever find a resolution?



Sorry for bumping an old topic, but I noticed that this was not really answered.

There is really little that you can do to debug the problem on the side of the network that this occured. Basically, the other side could not authenticate the last message sent, and rejected it. The best way to check what is going on is to check the logs on the other side. If this is not an option... the only option is to configure the SSL sockets correctly, so that authentication works.

Interestingly, I have encountered this twice...

The first time it took a week to find the cause (mostly to figure out what was going on) -- which was some incompatibility with versions of SSL used. The fix was to limit the protocols. This can be done via the SSLSocket class (before you use it). You can get a list of protocols supported via the getSupportedProtocols() method, and then configure which protocols to use via the setEnabledProtocols() method.

The second time I encountered this, I did the same fix, and it did not work !! And what I originally quoted as taking only a few hours to fix took a week. This time it was some incompatibility with the encryption algorithm used. The fix was to limit the algorithms allowed. This can also be done via the SSLSocket class (before you use it). You can get a list of cipher algorithms supported via the getSupportedCipherSuites() method, and then configure which algorithms are allowed via the setEnabledCipherSuites() method.

Henry
 
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!