search

Bertybb / sipservlets

Automatically exported from code.google.com/p/sipservlets
0 stars 0 forks source link

bad_record_mac using TLS #261

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
intermittent

What is the expected output? What do you see instead?

javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1639)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1607)
        at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1776)
        at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1080)
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
        at gov.nist.javax.sip.stack.SSLStateMachine.unwrap(SSLStateMachine.java:
254)
        at gov.nist.javax.sip.stack.SSLStateMachine.unwrap(SSLStateMachine.java:
198)
        at gov.nist.javax.sip.stack.NioTlsMessageChannel.addBytes(NioTlsMessageC
hannel.java:205)
        at gov.nist.javax.sip.stack.NioTcpMessageChannel.readChannel(NioTcpMessa
geChannel.java:117)
        at gov.nist.javax.sip.stack.NioTcpMessageProcessor$ProcessorTask.read(Ni
oTcpMessageProcessor.java:151)
        at gov.nist.javax.sip.stack.NioTcpMessageProcessor$ProcessorTask.run(Nio
TcpMessageProcessor.java:336)
        at java.lang.Thread.run(Thread.java:722)
Unexpected internal error  null
2014-03-18 14:08:37,464 ERROR [NioTcpMessageChannel] (NioSelector-TLS-172.22.0.1
23/5081) UNEXPECTED INTERNAL ERROR null
java.lang.NullPointerException
        at gov.nist.javax.sip.stack.SSLStateMachine.unwrap(SSLStateMachine.java:
263)
        at gov.nist.javax.sip.stack.SSLStateMachine.unwrap(SSLStateMachine.java:
198)
        at gov.nist.javax.sip.stack.NioTlsMessageChannel.addBytes(NioTlsMessageC
hannel.java:205)
        at gov.nist.javax.sip.stack.NioTcpMessageChannel.readChannel(NioTcpMessa
geChannel.java:117)
        at gov.nist.javax.sip.stack.NioTcpMessageProcessor$ProcessorTask.read(Ni
oTcpMessageProcessor.java:151)
        at gov.nist.javax.sip.stack.NioTcpMessageProcessor$ProcessorTask.run(Nio
TcpMessageProcessor.java:336)
        at java.lang.Thread.run(Thread.java:722)
2014-03-18 14:08:37,466 ERROR [NioTcpMessageChannel] (NioSelector-TLS-172.22.0.1
23/5081) Error
java.lang.NullPointerException
        at gov.nist.javax.sip.stack.SSLStateMachine.unwrap(SSLStateMachine.java:
263)
        at gov.nist.javax.sip.stack.SSLStateMachine.unwrap(SSLStateMachine.java:
198)
        at gov.nist.javax.sip.stack.NioTlsMessageChannel.addBytes(NioTlsMessageC
hannel.java:205)
        at gov.nist.javax.sip.stack.NioTcpMessageChannel.readChannel(NioTcpMessa
geChannel.java:117)
        at gov.nist.javax.sip.stack.NioTcpMessageProcessor$ProcessorTask.read(Ni
oTcpMessageProcessor.java:151)
        at gov.nist.javax.sip.stack.NioTcpMessageProcessor$ProcessorTask.run(Nio
TcpMessageProcessor.java:336)
        at java.lang.Thread.run(Thread.java:722)
2014-03-18 14:08:37,467 ERROR [NioTcpMessageProcessor] (NioSelector-TLS-172.22.0
.123/5081) Problem processing selection key event
java.lang.RuntimeException: Unexpected internal error !! null
        at gov.nist.core.InternalErrorHandler.handleException(InternalErrorHandl
er.java:56)
        at gov.nist.javax.sip.stack.NioTcpMessageChannel.readChannel(NioTcpMessa
geChannel.java:141)
        at gov.nist.javax.sip.stack.NioTcpMessageProcessor$ProcessorTask.read(Ni
oTcpMessageProcessor.java:151)
        at gov.nist.javax.sip.stack.NioTcpMessageProcessor$ProcessorTask.run(Nio
TcpMessageProcessor.java:336)
        at java.lang.Thread.run(Thread.java:722)
Caused by: java.lang.NullPointerException
        at gov.nist.javax.sip.stack.SSLStateMachine.unwrap(SSLStateMachine.java:
263)
        at gov.nist.javax.sip.stack.SSLStateMachine.unwrap(SSLStateMachine.java:
198)
        at gov.nist.javax.sip.stack.NioTlsMessageChannel.addBytes(NioTlsMessageC
hannel.java:205)
        at gov.nist.javax.sip.stack.NioTcpMessageChannel.readChannel(NioTcpMessa
geChannel.java:117)

What version of the product are you using? On what operating system?
mss-3.0.0-SNAPSHOT-apache-tomcat-7.0.50-1402131520; Windows 8.1

Please provide any additional information below.

Using jdk1.7.0_60 - 64 bits

Original issue reported on code.google.com by lip...@gmail.com on 21 Mar 2014 at 6:00

GoogleCodeExporter commented 8 years ago 
Please share your sip stack properties file and TLS settings. You can try the 
tip here 
http://kennykee.com/350/javax-net-ssl-sslexception-received-fatal-alert-bad_reco
rd_mac-simple-solution/ by allowing on SSL v3 ?

Original comment by jean.deruelle on 17 Apr 2014 at 7:22

GoogleCodeExporter commented 8 years ago 
I tried 
http://kennykee.com/350/javax-net-ssl-sslexception-received-fatal-alert-bad_reco
rd_mac-simple-solution/ but it does not work.
Attached the requested files.
Thank you in advance.

Original comment by lip...@gmail.com on 21 Apr 2014 at 9:48

Attachments:

GoogleCodeExporter commented 8 years ago 
try to add to the SIP Stack props 
gov.nist.javax.sip.TLS_CLIENT_PROTOCOLS=SSLv3,SSLv2Hello
or only gov.nist.javax.sip.TLS_CLIENT_PROTOCOLS=SSLv3

gov.nist.javax.sip.TLS_CLIENT_PROTOCOLS is a String Comma-separated list of 
protocols to use when creating outgoing TLS connections. The default is "SSLv3, 
SSLv2Hello, TLSv1". Some servers do not support SSLv2Hello, so override to 
"SSLv3, TLSv1".

Original comment by jean.deruelle on 24 Apr 2014 at 10:20

GoogleCodeExporter commented 8 years ago

Original comment by jean.deruelle on 25 Apr 2014 at 6:18

GoogleCodeExporter commented 8 years ago 
I tried this fix. It does not work. I have the same error.
Thank you in advance.

Original comment by lip...@gmail.com on 28 Apr 2014 at 12:34

GoogleCodeExporter commented 8 years ago 
Can you attach the wireshark trace ? Also this doesn't seem to be a SIP 
Servlets Container issue but a JDK Issue 
http://stackoverflow.com/questions/22318729/javax-net-ssl-sslexception-received-
fatal-alert-bad-record-mac. Can you retry with OpenJDK to see if that works 
better ?

Original comment by jean.deruelle on 28 Apr 2014 at 12:41

GoogleCodeExporter commented 8 years ago 
[deleted comment]
GoogleCodeExporter commented 8 years ago 
with openjdk it does not work better.
Attached the wireshark trace

Original comment by lip...@gmail.com on 28 Apr 2014 at 2:13

Attachments:

GoogleCodeExporter commented 8 years ago 
It doesn't show the TLS handshake attempts done against the SIP Port at 5081 
which gives this exception.
This is happening on an outgoing or incoming connection ?
In case it's incoming : 
I noticed JAIN SIP uses TLS as hardcoded when creating the server SSL context 
https://code.google.com/p/jain-sip/source/browse/src/gov/nist/javax/sip/stack/Ni
oTlsMessageProcessor.java#130
Do you have any skills to modify this to take another value from 
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.htm
l#SSLContext such as TLS v1.2 exclusively

Original comment by jean.deruelle on 28 Apr 2014 at 2:36

GoogleCodeExporter commented 8 years ago 
I changed NioTlsMessageProcessor.java (attach file) but the problem is the same.

Original comment by lip...@gmail.com on 28 Apr 2014 at 4:07

Attachments:

GoogleCodeExporter commented 8 years ago 
Only seen on Windows 8.1 not Linux. Seems OS dependent and not related to MSS 
itself so closing the issue. Feel free to comment back if it happens again on 
linux

Original comment by jean.deruelle on 8 May 2014 at 1:51

GoogleCodeExporter commented 8 years ago

Original comment by jean.der...@telestax.com on 25 Aug 2014 at 10:53