[jira] [Work logged] (KNOX-3172) BouncyCastle FIPS provider Broken Pipe exception

Wed, 30 Jul 2025 12:15:04 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-3172?focusedWorklogId=977010&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-977010
 ]

ASF GitHub Bot logged work on KNOX-3172:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 30/Jul/25 19:14
            Start Date: 30/Jul/25 19:14
    Worklog Time Spent: 10m 
      Work Description: pzampino merged PR #1065:
URL: https://github.com/apache/knox/pull/1065




Issue Time Tracking
-------------------

    Worklog Id:     (was: 977010)
    Time Spent: 0.5h  (was: 20m)

> BouncyCastle FIPS provider Broken Pipe exception
> ------------------------------------------------
>
>                 Key: KNOX-3172
>                 URL: https://issues.apache.org/jira/browse/KNOX-3172
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 2.1.0
>            Reporter: Tamás Hanicz
>            Assignee: Tamás Hanicz
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> The BC FIPS provider causes a SocketException with 'Broken Pipe' message on 
> FIPS clusters. When there is a *connection: close* header in the response 
> Knox tries to close the connection however there is an exception coming from 
> BC. It tries to write to the already closed connection and we get the Broken 
> Pipe issue and it results in HTTP 500 responses from Knox.
> The solution catches and ignores this exception on the socket level. The 
> intercepting socket would only load if FIPS arg is provided for Knox. This 
> arg is defaults to com.safelogic.cryptocomply.fips.approved_only=true .
> {code:java}
> java.net.SocketException: Broken pipe (Write failed)at 
> java.net.SocketOutputStream.socketWrite0(Native Method)at 
> java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111)at 
> java.net.SocketOutputStream.write(SocketOutputStream.java:155)at 
> org.bouncycastle.tls.RecordStream.writeRecord(RecordStream.java:307)at 
> org.bouncycastle.tls.TlsProtocol.safeWriteRecord(TlsProtocol.java:927)at 
> org.bouncycastle.tls.TlsProtocol.raiseAlertWarning(TlsProtocol.java:1602)at 
> org.bouncycastle.tls.TlsProtocol.handleClose(TlsProtocol.java:299)at 
> org.bouncycastle.tls.TlsProtocol.close(TlsProtocol.java:1780)at 
> org.bouncycastle.jsse.provider.ProvSSLSocketWrap.close(ProvSSLSocketWrap.java:154){code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to