[
https://issues.apache.org/jira/browse/GEODE-8463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17200312#comment-17200312
]
ASF GitHub Bot commented on GEODE-8463:
---------------------------------------
bschuchardt merged pull request #5531:
URL: https://github.com/apache/geode/pull/5531
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> server's log filled with SSLException: Tag mismatch!
> ----------------------------------------------------
>
> Key: GEODE-8463
> URL: https://issues.apache.org/jira/browse/GEODE-8463
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
> Reporter: Bruce J Schuchardt
> Assignee: Bruce J Schuchardt
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.14.0
>
>
> In a TLS test using the latest Oracle JDK8 server logs filled with these
> messages:
> {noformat}
> [info 2020/08/10 17:09:19.204 PDT <P2P message reader for
> rs-GEM-2886-FD2236a0i32xlarge-hydra-client-1(bridgegemfire4_host1_27404:27404)<ec><v1>:41003
> shared ordered uid=7 local port=41284
> remote port=37024> tid=0x6c] P2P message reader@26dd073d io exception for
> rs-GEM-2886-FD2236a0i32xlarge-hydra-client-1(bridgegemfire4_host1_27404:27404)<ec><v1>:41003(uid=7)
> javax.net.ssl.SSLException: Tag mismatch!
> at sun.security.ssl.Alert.createSSLException(Alert.java:133)
> at sun.security.ssl.TransportContext.fatal(TransportContext.java:327)
> at sun.security.ssl.TransportContext.fatal(TransportContext.java:270)
> at sun.security.ssl.TransportContext.fatal(TransportContext.java:265)
> at sun.security.ssl.SSLTransport.decode(SSLTransport.java:119)
> at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:594)
> at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:549)
> at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:413)
> at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:392)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
> at
> org.apache.geode.internal.net.NioSslEngine.unwrap(NioSslEngine.java:272)
> at
> org.apache.geode.internal.tcp.Connection.processInputBuffer(Connection.java:2727)
> at
> org.apache.geode.internal.tcp.Connection.readMessages(Connection.java:1621)
> at org.apache.geode.internal.tcp.Connection.run(Connection.java:1458)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
> at
> com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:620)
> at
> com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1116)
> at
> com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1053)
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
> at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
> at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:826)
> at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
> at javax.crypto.Cipher.doFinal(Cipher.java:2463)
> at
> sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1880)
> at
> sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(SSLEngineInputRecord.java:240)
> at
> sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:197)
> at
> sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:160)
> at sun.security.ssl.SSLTransport.decode(SSLTransport.java:110)
> {noformat}
>
> The protocol and cipher were both set to "any".
> We determined that this was selecting TLSv1.3, which was only recently
> introduced as an available protocol in Oracle's JDK8. If TLSv1.2 is
> specified instead of "any" things work fine.
> The problem does not occur with Geode v1.13 unless you request TLSv1.3 with
> Oracle JDK8. We were using 1.8.0_261.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
