[
https://issues.apache.org/jira/browse/GEODE-8463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17200313#comment-17200313
]
ASF subversion and git services commented on GEODE-8463:
--------------------------------------------------------
Commit 76edadc898564c9aef66a4271e5b2456220b220a in geode's branch
refs/heads/develop from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=76edadc ]
Revert "GEODE-8463: server's log filled with SSLException: Tag mismatch!
(#5482)" (#5531)
This reverts commit 20a35ece18054e96eccda70c65a015f4af26b4c7.
Changes for GEODE-8506 have fixed the problems with using TLSv1.3 in
Java 8 so this commit needs to be reverted.
> server's log filled with SSLException: Tag mismatch!
> ----------------------------------------------------
>
> Key: GEODE-8463
> URL: https://issues.apache.org/jira/browse/GEODE-8463
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
> Reporter: Bruce J Schuchardt
> Assignee: Bruce J Schuchardt
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.14.0
>
>
> In a TLS test using the latest Oracle JDK8 server logs filled with these
> messages:
> {noformat}
> [info 2020/08/10 17:09:19.204 PDT <P2P message reader for
> rs-GEM-2886-FD2236a0i32xlarge-hydra-client-1(bridgegemfire4_host1_27404:27404)<ec><v1>:41003
> shared ordered uid=7 local port=41284
> remote port=37024> tid=0x6c] P2P message reader@26dd073d io exception for
> rs-GEM-2886-FD2236a0i32xlarge-hydra-client-1(bridgegemfire4_host1_27404:27404)<ec><v1>:41003(uid=7)
> javax.net.ssl.SSLException: Tag mismatch!
> at sun.security.ssl.Alert.createSSLException(Alert.java:133)
> at sun.security.ssl.TransportContext.fatal(TransportContext.java:327)
> at sun.security.ssl.TransportContext.fatal(TransportContext.java:270)
> at sun.security.ssl.TransportContext.fatal(TransportContext.java:265)
> at sun.security.ssl.SSLTransport.decode(SSLTransport.java:119)
> at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:594)
> at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:549)
> at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:413)
> at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:392)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
> at
> org.apache.geode.internal.net.NioSslEngine.unwrap(NioSslEngine.java:272)
> at
> org.apache.geode.internal.tcp.Connection.processInputBuffer(Connection.java:2727)
> at
> org.apache.geode.internal.tcp.Connection.readMessages(Connection.java:1621)
> at org.apache.geode.internal.tcp.Connection.run(Connection.java:1458)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
> at
> com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:620)
> at
> com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1116)
> at
> com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1053)
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
> at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
> at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:826)
> at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
> at javax.crypto.Cipher.doFinal(Cipher.java:2463)
> at
> sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1880)
> at
> sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(SSLEngineInputRecord.java:240)
> at
> sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:197)
> at
> sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:160)
> at sun.security.ssl.SSLTransport.decode(SSLTransport.java:110)
> {noformat}
>
> The protocol and cipher were both set to "any".
> We determined that this was selecting TLSv1.3, which was only recently
> introduced as an available protocol in Oracle's JDK8. If TLSv1.2 is
> specified instead of "any" things work fine.
> The problem does not occur with Geode v1.13 unless you request TLSv1.3 with
> Oracle JDK8. We were using 1.8.0_261.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
