You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@geode.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/08/26 22:24:00 UTC

[jira] [Commented] (GEODE-8463) server's log filled with SSLException: Tag mismatch!

    [ https://issues.apache.org/jira/browse/GEODE-8463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17185503#comment-17185503 ] 

ASF GitHub Bot commented on GEODE-8463:
---------------------------------------

bschuchardt opened a new pull request #5482:
URL: https://github.com/apache/geode/pull/5482


   This disables the use of TLSv1.3 selection if "any" is specified as the
   protocol and throws an exception if TLSv1.3 is requested in a JVM older
   than Java 11.  Most Java 8 implementations do not support TLSv1.3 - this
   is only an issue (presently) with Oracle's 1.8.0_261 and above.
   
   Thank you for submitting a contribution to Apache Geode.
   
   In order to streamline the review of the contribution we ask you
   to ensure the following steps have been taken:
   
   ### For all changes:
   - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
   
   - [ ] Has your PR been rebased against the latest commit within the target branch (typically `develop`)?
   
   - [ ] Is your initial contribution a single, squashed commit?
   
   - [ ] Does `gradlew build` run cleanly?
   
   - [ ] Have you written or updated unit tests to verify your changes?
   
   - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
   
   ### Note:
   Please ensure that once the PR is submitted, check Concourse for build issues and
   submit an update to your PR as soon as possible. If you need help, please send an
   email to dev@geode.apache.org.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> server's log filled with SSLException: Tag mismatch!
> ----------------------------------------------------
>
>                 Key: GEODE-8463
>                 URL: https://issues.apache.org/jira/browse/GEODE-8463
>             Project: Geode
>          Issue Type: Bug
>          Components: membership, messaging
>            Reporter: Bruce J Schuchardt
>            Assignee: Bruce J Schuchardt
>            Priority: Major
>
> In a TLS test using the latest Oracle JDK8 server logs filled with these messages:
> {noformat}
> [info 2020/08/10 17:09:19.204 PDT <P2P message reader for rs-GEM-2886-FD2236a0i32xlarge-hydra-client-1(bridgegemfire4_host1_27404:27404)<ec><v1>:41003 shared ordered uid=7 local port=41284 
> remote port=37024> tid=0x6c] P2P message reader@26dd073d io exception for rs-GEM-2886-FD2236a0i32xlarge-hydra-client-1(bridgegemfire4_host1_27404:27404)<ec><v1>:41003(uid=7)
> javax.net.ssl.SSLException: Tag mismatch!
>         at sun.security.ssl.Alert.createSSLException(Alert.java:133)
>         at sun.security.ssl.TransportContext.fatal(TransportContext.java:327)
>         at sun.security.ssl.TransportContext.fatal(TransportContext.java:270)
>         at sun.security.ssl.TransportContext.fatal(TransportContext.java:265)
>         at sun.security.ssl.SSLTransport.decode(SSLTransport.java:119)
>         at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:594)
>         at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:549)
>         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:413)
>         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:392)
>         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
>         at org.apache.geode.internal.net.NioSslEngine.unwrap(NioSslEngine.java:272)
>         at org.apache.geode.internal.tcp.Connection.processInputBuffer(Connection.java:2727)
>         at org.apache.geode.internal.tcp.Connection.readMessages(Connection.java:1621)
>         at org.apache.geode.internal.tcp.Connection.run(Connection.java:1458)
>         at java.lang.Thread.run(Thread.java:748)
> Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
>         at com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:620)
>         at com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1116)
>         at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1053)
>         at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
>         at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
>         at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:826)
>         at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
>         at javax.crypto.Cipher.doFinal(Cipher.java:2463)
>         at sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1880)
>         at sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(SSLEngineInputRecord.java:240)
>         at sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:197)
>         at sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:160)
>         at sun.security.ssl.SSLTransport.decode(SSLTransport.java:110)
>  {noformat}
>  
> The protocol and cipher were both set to "any".
> We determined that this was selecting TLSv1.3, which was only recently introduced as an available protocol in Oracle's JDK8.  If TLSv1.2 is specified instead of "any" things work fine.
> The problem does not occur with Geode v1.13 unless you request TLSv1.3 with Oracle JDK8.  We were using 1.8.0_261.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)