Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8313084

SSL connection interrupted with javax.crypto.AEADBadTagException: Tag mismatch!

XMLWordPrintable

      ADDITIONAL SYSTEM INFORMATION :
      openjdk version "17.0.6" 2023-01-17
      OpenJDK Runtime Environment (build 17.0.6+10-Debian-1deb11u1)
      OpenJDK 64-Bit Server VM (build 17.0.6+10-Debian-1deb11u1, mixed mode, sharing)

      openjdk version "17.0.7" 2023-04-18
      OpenJDK Runtime Environment (build 17.0.7+7-Debian-1deb11u1)
      OpenJDK 64-Bit Server VM (build 17.0.7+7-Debian-1deb11u1, mixed mode, sharing)

      A DESCRIPTION OF THE PROBLEM :
      After upgrade from Java 8 to Java 17 we started facing the bug similar to https://bugs.openjdk.org/browse/JDK-8277970

      Working Java 8 version:
      openjdk version “1.8.0_282”
      OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_282-b08)
      OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.282-b08, mixed mode)

      Even though it should be already fixed in 17.0.6 according to the mentioned OpenJDK bug we upgraded to 17.0.7 but problem preserved.

      Stack trace:
      javax.net.ssl.SSLException: Tag mismatch!
      at sun.security.ssl.Alert.createSSLException(Alert.java:133)
      at sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
      at sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
      at sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
      at sun.security.ssl.SSLTransport.decode(SSLTransport.java:123)
      at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:736)
      at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:691)
      at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:506)
      at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:482)
      at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679)
      at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:297)
      at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1353)
      at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1246)
      at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1295)
      at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529)
      at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
      at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
      at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
      at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
      at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
      at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
      at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
      at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
      at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
      at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
      at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
      at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724)
      at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650)
      at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
      at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
      at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
      at java.lang.Thread.run(Thread.java:833)
      Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
      at com.sun.crypto.provider.GaloisCounterMode$GCMDecrypt.doFinal(GaloisCounterMode.java:1486)
      at com.sun.crypto.provider.GaloisCounterMode.engineDoFinal(GaloisCounterMode.java:447)
      at javax.crypto.Cipher.doFinal(Cipher.java:2500)
      at sun.security.ssl.SSLCipher$T12GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1659)
      at sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(SSLEngineInputRecord.java:239)
      at sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:196)
      at sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:159)
      at sun.security.ssl.SSLTransport.decode(SSLTransport.java:111)
      ... 27 common frames omitted

      REGRESSION : Last worked in version 8


      FREQUENCY : rarely


            tongwan Andrew Wang
            webbuggrp Webbug Group
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: