[
https://issues.apache.org/jira/browse/KNOX-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tamás Hanicz closed KNOX-3172.
------------------------------
> BouncyCastle FIPS provider Broken Pipe exception
> ------------------------------------------------
>
> Key: KNOX-3172
> URL: https://issues.apache.org/jira/browse/KNOX-3172
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 2.1.0
> Reporter: Tamás Hanicz
> Assignee: Tamás Hanicz
> Priority: Major
> Fix For: 2.1.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> The BC FIPS provider causes a SocketException with 'Broken Pipe' message on
> FIPS clusters. When there is a *connection: close* header in the response
> Knox tries to close the connection however there is an exception coming from
> BC. It tries to write to the already closed connection and we get the Broken
> Pipe issue and it results in HTTP 500 responses from Knox.
> The solution catches and ignores this exception on the socket level. The
> intercepting socket would only load if FIPS arg is provided for Knox. This
> arg is defaults to com.safelogic.cryptocomply.fips.approved_only=true .
> {code:java}
> java.net.SocketException: Broken pipe (Write failed)at
> java.net.SocketOutputStream.socketWrite0(Native Method)at
> java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111)at
> java.net.SocketOutputStream.write(SocketOutputStream.java:155)at
> org.bouncycastle.tls.RecordStream.writeRecord(RecordStream.java:307)at
> org.bouncycastle.tls.TlsProtocol.safeWriteRecord(TlsProtocol.java:927)at
> org.bouncycastle.tls.TlsProtocol.raiseAlertWarning(TlsProtocol.java:1602)at
> org.bouncycastle.tls.TlsProtocol.handleClose(TlsProtocol.java:299)at
> org.bouncycastle.tls.TlsProtocol.close(TlsProtocol.java:1780)at
> org.bouncycastle.jsse.provider.ProvSSLSocketWrap.close(ProvSSLSocketWrap.java:154){code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
