Uploaded image for project: 'Openfire'
  1. Openfire
  2. OF-496

javax.net.ssl.SSLException: Received fatal alert: bad_record_mac

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.7.0, 3.8.1, 3.8.2
    • Fix Version/s: 3.9.0
    • Component/s: Core
    • Labels:
    • Environment:
      Linux 64bit RHEL6 Sun java 1.6.0

      Description

      Had an issue with a user unable to log in, put the server into debug mode and captured this

      2011.12.08 00:19:26 [/XXX.XXX.XXX.XXX:49736] Data Read: org.apache.mina.filter.support.SSLHandler@21239bca (HeapBuffer[pos=0 lim=37 cap=1024: 15 03 01 00 20 4B 3C 99 DF B4 E7 5B B4 B8 A7 BD CF BE 54 B5 5E BB B7 59 63 82 A1 8B AC 06 FD ED 1B BD 8F AD 17])
      2011.12.08 00:19:26 [/XXX.XXX.XXX.XXX:49736] unwrap()
      2011.12.08 00:19:26 [/XXX.XXX.XXX.XXX:49736] inNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=37 cap=16665]
      2011.12.08 00:19:26 [/XXX.XXX.XXX.XXX:49736] appBuffer: java.nio.DirectByteBuffer[pos=0 lim=33330 cap=33330]
      2011.12.08 00:19:26 Launching thread for /XXX.XXX.XXX.XXX:49736
      2011.12.08 00:19:26 ConnectionHandler:
      javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
      at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
      at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1467)
      at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1435)
      at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1601)
      at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1031)
      at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:845)
      at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:721)
      at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
      at org.apache.mina.filter.support.SSLHandler.unwrap0(SSLHandler.java:658)
      at org.apache.mina.filter.support.SSLHandler.unwrap(SSLHandler.java:596)
      at org.apache.mina.filter.support.SSLHandler.decrypt(SSLHandler.java:423)
      at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:308)
      at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)
      at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
      at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
      at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
      at org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.messageReceived(AbstractIoFilterChain.java:499)
      at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
      at org.apache.mina.common.support.AbstractIoFilterChain.fireMessageReceived(AbstractIoFilterChain.java:293)
      at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:228)
      at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:198)
      at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:45)
      at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:485)
      at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
      at java.lang.Thread.run(Thread.java:662)
      2011.12.08 00:19:26 Exiting since queue is empty for /XXX.XXX.XXX.XXX:49736
      2011.12.08 00:19:26 Launching thread for /XXX.XXX.XXX.XXX:49736
      2011.12.08 00:19:26 [/XXX.XXX.XXX.XXX:49736] Closed: org.apache.mina.filter.support.SSLHandler@21239bca
      2011.12.08 00:19:26 [/XXX.XXX.XXX.XXX:49736] Unexpected exception from SSLEngine.closeInbound().
      javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
      at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
      at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1467)
      at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1435)
      at com.sun.net.ssl.internal.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1374)
      at org.apache.mina.filter.support.SSLHandler.destroy(SSLHandler.java:167)
      at org.apache.mina.filter.SSLFilter.sessionClosed(SSLFilter.java:367)
      at org.apache.mina.common.support.AbstractIoFilterChain.callNextSessionClosed(AbstractIoFilterChain.java:269)
      at org.apache.mina.common.support.AbstractIoFilterChain.access$800(AbstractIoFilterChain.java:53)
      at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.sessionClosed(AbstractIoFilterChain.java:633)
      at org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.sessionClosed(AbstractIoFilterChain.java:484)
      at org.apache.mina.common.support.AbstractIoFilterChain.callNextSessionClosed(AbstractIoFilterChain.java:269)
      at org.apache.mina.common.support.AbstractIoFilterChain.fireSessionClosed(AbstractIoFilterChain.java:264)
      at org.apache.mina.common.support.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:224)
      at org.apache.mina.transport.socket.nio.SocketIoProcessor.doRemove(SocketIoProcessor.java:188)
      at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$600(SocketIoProcessor.java:45)
      at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:489)
      at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
      at java.lang.Thread.run(Thread.java:662)
      2011.12.08 00:19:26 ConnectionHandler:
      java.io.IOException: Connection reset by peer
      at sun.nio.ch.FileDispatcher.read0(Native Method)
      at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:21)
      at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:198)
      at sun.nio.ch.IOUtil.read(IOUtil.java:171)
      at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:243)
      at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:218)
      at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:198)
      at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:45)
      at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:485)
      at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
      at java.lang.Thread.run(Thread.java:662)
      

      The client in debug just notes this:

      
      (18:33:06) jabber: Recv (ssl)(1): <
      (18:33:06) jabber: Recv (ssl)(116): iq type="result" id="purple3141490b" to="xxx@chat/Laptop"><vCard xmlns="vcard-temp"/></iq>
      (18:33:06) connection: Connection error on 0x3071af0 (reason: 0 description: Lost connection with server: Input/output error)
      (18:33:06) account: Disconnecting account xxx@chat/Laptop (0x25038b0)
      (18:33:06) connection: Disconnecting connection 0x3071af0
      (18:33:06) jabber: Sending (ssl) (xxx@chat/Laptop): </stream:stream>
      (18:33:06) connection: Destroying connection 0x3071af0
      

      I removed the user from a shared roster and the login now works. Wonder if openfire is generating some bad xml or something, hmmm

        Attachments

          Activity

            People

            • Assignee:
              guus Guus der Kinderen
              Reporter:
              akrherz Daryl Herzmann
            • Votes:
              4 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: