Details
-
Bug
-
Status: Resolved
-
P4
-
Resolution: Fixed
-
11, 14
-
b27
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8245931 | 13.0.4 | Xuelei Fan | P4 | Resolved | Fixed | b03 |
| JDK-8238958 | 11.0.8-oracle | Prasadarao Koppula | P4 | Resolved | Fixed | b01 |
| JDK-8241203 | 11.0.8 | Xuelei Fan | P4 | Resolved | Fixed | b01 |
| JDK-8262044 | openjdk8u292 | Severin Gehwolf | P4 | Resolved | Fixed | b04 |
| JDK-8243689 | 8u261 | Prasadarao Koppula | P4 | Resolved | Fixed | b05 |
| JDK-8247022 | emb-8u261 | Prasadarao Koppula | P4 | Resolved | Fixed | team |
Description
javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.711 CST|SSLSocketOutputRecord.java:72|WRITE: TLS13 alert(handshake_failure), length = 2
javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.712 CST|SSLCipher.java:2063|Plaintext before ENCRYPTION (
0000: 02 28 15 00 00 00 00 00 00 00 00 00 00 00 00 00 .(..............
0010: 00 00 00 ...
)
javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.714 CST|SSLSocketOutputRecord.java:86|Raw write (
0000: 17 03 03 00 23 E7 C1 17 7A E1 60 D5 F1 FA 55 B4 ....#...z.`...U.
0010: DD 99 5B 6D CB DB 27 01 EB 73 FC 03 9B C9 10 4E ..[m..'..s.....N
0020: 5E 87 62 D8 DB F5 68 7B ^.b...h.
)
javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.715 CST|SSLSocketImpl.java:1699|close the underlying socket
javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.715 CST|SSLSocketImpl.java:1718|close the SSL connection (initiative)
javax.net.ssl.SSLHandshakeException: Tag mismatch!
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:129)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1460)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1368)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:878)
at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:969)
at java.base/java.io.InputStream.read(InputStream.java:218)
at SimpleTLS.readIn(SimpleTLS.java:40)
at SimpleTLS.main(SimpleTLS.java:27)
Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
at java.base/com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:623)
at java.base/com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1118)
at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1055)
at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:943)
at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:491)
at java.base/javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:794)
at java.base/javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2499)
at java.base/sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1930)
at java.base/sun.security.ssl.SSLSocketInputRecord.decodeInputRecord(SSLSocketInputRecord.java:262)
at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:190)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
... 8 more
Per RFC8446 section 6.2, the alert would be fatal bad_record_mac rather than handshake_failure.
bad_record_mac: This alert is returned if a record is received which cannot be deprotected. Because AEAD algorithms combine decryption and verification, and also to avoid side-channel attacks, this alert is used for all deprotection failures. This alert should never be observed in communication between proper implementations, except when messages were corrupted in the network.
javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.712 CST|SSLCipher.java:2063|Plaintext before ENCRYPTION (
0000: 02 28 15 00 00 00 00 00 00 00 00 00 00 00 00 00 .(..............
0010: 00 00 00 ...
)
javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.714 CST|SSLSocketOutputRecord.java:86|Raw write (
0000: 17 03 03 00 23 E7 C1 17 7A E1 60 D5 F1 FA 55 B4 ....#...z.`...U.
0010: DD 99 5B 6D CB DB 27 01 EB 73 FC 03 9B C9 10 4E ..[m..'..s.....N
0020: 5E 87 62 D8 DB F5 68 7B ^.b...h.
)
javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.715 CST|SSLSocketImpl.java:1699|close the underlying socket
javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.715 CST|SSLSocketImpl.java:1718|close the SSL connection (initiative)
javax.net.ssl.SSLHandshakeException: Tag mismatch!
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:129)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1460)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1368)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:878)
at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:969)
at java.base/java.io.InputStream.read(InputStream.java:218)
at SimpleTLS.readIn(SimpleTLS.java:40)
at SimpleTLS.main(SimpleTLS.java:27)
Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
at java.base/com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:623)
at java.base/com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1118)
at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1055)
at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:943)
at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:491)
at java.base/javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:794)
at java.base/javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2499)
at java.base/sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1930)
at java.base/sun.security.ssl.SSLSocketInputRecord.decodeInputRecord(SSLSocketInputRecord.java:262)
at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:190)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
... 8 more
Per RFC8446 section 6.2, the alert would be fatal bad_record_mac rather than handshake_failure.
bad_record_mac: This alert is returned if a record is received which cannot be deprotected. Because AEAD algorithms combine decryption and verification, and also to avoid side-channel attacks, this alert is used for all deprotection failures. This alert should never be observed in communication between proper implementations, except when messages were corrupted in the network.
Attachments
Issue Links
- backported by
-
JDK-8238958 Tag mismatch may alert bad_record_mac
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
(1 backported by)