SSL fails to unwrap RRDP due to a buffer size issue

[geeohgeegeeoh]

Error retrieving RRDP repository at https://rrdp.rpki.nlnetlabs.nl/rrdp/notification.xml: Error downloading 'https://rrdp.rpki.nlnetlabs.nl/rrdp/0d247cb5-01a6-4c1c-a272-ef55c6a65362/2/snapshot.xml', cause: failed reading response stream for https://rrdp.rpki.nlnetlabs.nl/rrdp/0d247cb5-01a6-4c1c-a272-ef55c6a65362/2/snapshot.xml: java.util.concurrent.ExecutionException: javax.net.ssl.SSLException: Fail to unwrap network record, cause: javax.net.ssl.SSLException: Fail to unwrap network record, cause: Fail to unwrap network record, cause: javax.crypto.ShortBufferException: Output buffer too small, cause: Output buffer too small

FreeBSD 12.1, with openjdk 12 2019-07-16

[geeohgeegeeoh]

Looks like its a known OpenJDK bug. You probably could hack around it, but the root cause is not in you: its OpenJDK

[geeohgeegeeoh]

problem not present on FreeBSD 12 with OpenJDK 13.

[omuravskiy]

Hi George,

I would just stick to OpenJDK 8 for our validator. Unless you need 12 or 13 for something else on that box...

Oleg

[geeohgeegeeoh]

There are a huge number of patches in network and security related areas after eight. Thirteen is working well for me.

G

On Tue, 3 Dec. 2019, 6:55 pm Oleg Muravskiy, notifications@github.com wrote:

Hi George,

I would just stick to OpenJDK 8 for our validator. Unless you need 12 or 13 for something else on that box...

Oleg

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/RIPE-NCC/rpki-validator-3/issues/118?email_source=notifications&email_token=ABORQ7G4YHRQAVOQ5M2LFFDQWYNGHA5CNFSM4JUNO2M2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEFYSYPY#issuecomment-561065023, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABORQ7CWGCUEPHLMCHRNW3DQWYNGHANCNFSM4JUNO2MQ .