Bruce J Schuchardt created GEODE-8463:
-----------------------------------------
Summary: server's log filled with SSLException: Tag mismatch!
Key: GEODE-8463
URL: https://issues.apache.org/jira/browse/GEODE-8463
Project: Geode
Issue Type: Bug
Components: messaging
Reporter: Bruce J Schuchardt
In a TLS test using the latest Oracle JDK8 server logs filled with these
messages:
{noformat}
[info 2020/08/10 17:09:19.204 PDT <P2P message reader for
rs-GEM-2886-FD2236a0i32xlarge-hydra-client-1(bridgegemfire4_host1_27404:27404)<ec><v1>:41003
shared ordered uid=7 local port=41284
remote port=37024> tid=0x6c] P2P message reader@26dd073d io exception for
rs-GEM-2886-FD2236a0i32xlarge-hydra-client-1(bridgegemfire4_host1_27404:27404)<ec><v1>:41003(uid=7)
javax.net.ssl.SSLException: Tag mismatch!
at sun.security.ssl.Alert.createSSLException(Alert.java:133)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:327)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:270)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:265)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:119)
at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:594)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:549)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:413)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:392)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
at
org.apache.geode.internal.net.NioSslEngine.unwrap(NioSslEngine.java:272)
at
org.apache.geode.internal.tcp.Connection.processInputBuffer(Connection.java:2727)
at
org.apache.geode.internal.tcp.Connection.readMessages(Connection.java:1621)
at org.apache.geode.internal.tcp.Connection.run(Connection.java:1458)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
at
com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:620)
at
com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1116)
at
com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1053)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:826)
at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
at javax.crypto.Cipher.doFinal(Cipher.java:2463)
at
sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1880)
at
sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(SSLEngineInputRecord.java:240)
at
sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:197)
at
sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:160)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:110)
{noformat}
The protocol and cipher were both set to "any".
We determined that this was selecting TLSv1.3, which was only recently
introduced as an available protocol in Oracle's JDK8. If TLSv1.2 is specified
instead of "any" things work fine.
The problem does not occur with Geode v1.13 unless you request TLSv1.3 with
Oracle JDK8. We were using 1.8.0_261.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
