JDK-8235311

Tag mismatch may alert bad_record_mac


        javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.711 CST|SSLSocketOutputRecord.java:72|WRITE: TLS13 alert(handshake_failure), length = 2
        javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.712 CST|SSLCipher.java:2063|Plaintext before ENCRYPTION (
          0000: 02 28 15 00 00 00 00 00 00 00 00 00 00 00 00 00 .(..............
          0010: 00 00 00 ...
        )
        javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.714 CST|SSLSocketOutputRecord.java:86|Raw write (
          0000: 17 03 03 00 23 E7 C1 17 7A E1 60 D5 F1 FA 55 B4 ....#...z.`...U.
          0010: DD 99 5B 6D CB DB 27 01 EB 73 FC 03 9B C9 10 4E ..[m..'..s.....N
          0020: 5E 87 62 D8 DB F5 68 7B ^.b...h.
        )
        javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.715 CST|SSLSocketImpl.java:1699|close the underlying socket
        javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.715 CST|SSLSocketImpl.java:1718|close the SSL connection (initiative)
        javax.net.ssl.SSLHandshakeException: Tag mismatch!
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:129)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1460)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1368)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
        at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:878)
        at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:969)
        at java.base/java.io.InputStream.read(InputStream.java:218)
        at SimpleTLS.readIn(SimpleTLS.java:40)
        at SimpleTLS.main(SimpleTLS.java:27)
        Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
        at java.base/com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:623)
        at java.base/com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1118)
        at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1055)
        at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:943)
        at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:491)
        at java.base/javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:794)
        at java.base/javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
        at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2499)
        at java.base/sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1930)
        at java.base/sun.security.ssl.SSLSocketInputRecord.decodeInputRecord(SSLSocketInputRecord.java:262)
        at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:190)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
        ... 8 more

Per RFC 8446 section 6.2, the alert would be fatal bad_record_mac rather than handshake_failure.

bad_record_mac: This alert is returned if a record is received which cannot be deprotected. Because AEAD algorithms combine decryption and verification, and also to avoid side-channel attacks, this alert is used for all deprotection failures. This alert should never be observed in communication between proper implementations, except when messages were corrupted in the network.
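
The following added example, which is not part of the original report or of the JDK sources, decodes the `Plaintext before ENCRYPTION` dump from the log above as a TLS 1.3 TLSInnerPlaintext and flags any alert other than bad_record_mac when the same excerpt reports an AEADBadTagException. The function names are hypothetical, and it assumes the excerpt covers a single connection.

```python
import re

# Subset of the RFC 8446 section 6 alert descriptions relevant to this report.
ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 50: "decode_error", 51: "decrypt_error"}
LEVELS = {1: "warning", 2: "fatal"}

# Excerpt of the debug output quoted in this report (stack frames omitted).
SAMPLE_LOG = """\
javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.712 CST|SSLCipher.java:2063|Plaintext before ENCRYPTION (
  0000: 02 28 15 00 00 00 00 00 00 00 00 00 00 00 00 00 .(..............
  0010: 00 00 00 ...
)
Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
"""

def read_hexdump(lines):
    """Collect bytes from 'OFFSET: hh hh ... ascii' lines until the dump ends.

    At most 16 bytes per line; the first non-hex token starts the ASCII column.
    """
    data = bytearray()
    for line in lines:
        m = re.match(r"\s*[0-9A-Fa-f]{4}:\s+(.*)", line)
        if not m:
            break
        for tok in m.group(1).split()[:16]:
            if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                break
            data.append(int(tok, 16))
    return bytes(data)

def split_inner_plaintext(pt):
    """TLSInnerPlaintext = content || ContentType || zero padding (RFC 8446 5.2)."""
    body = pt.rstrip(b"\x00")  # the content type is the last non-zero byte
    if not body:
        raise ValueError("record contains only padding")
    return body[-1], body[:-1]

def audit_alerts(log):
    """Return (level, alert, conforms) for each alert written in the excerpt."""
    lines = log.splitlines()
    # Assumption: one connection per excerpt, so a tag failure anywhere applies.
    tag_failure = any("AEADBadTagException" in l for l in lines)
    findings = []
    for i, line in enumerate(lines):
        if "Plaintext before ENCRYPTION" in line:
            ctype, content = split_inner_plaintext(read_hexdump(lines[i + 1:]))
            if ctype == 21 and len(content) == 2:  # ContentType.alert
                level, desc = content
                findings.append((LEVELS.get(level, f"level({level})"),
                                 ALERTS.get(desc, f"alert({desc})"),
                                 not tag_failure or desc == 20))
    return findings
```

For the excerpt above, `audit_alerts(SAMPLE_LOG)` reports a fatal handshake_failure marked as non-conforming, since the three leading bytes `02 28 15` decode to level 2, description 40 and content type 21.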

              xuelei Xuelei Fan
              jjiang John Jiang