Tamás Hanicz created KNOX-3172:
----------------------------------
Summary: BouncyCastle FIPS provider Broken Pipe exception
Key: KNOX-3172
URL: https://issues.apache.org/jira/browse/KNOX-3172
Project: Apache Knox
Issue Type: Bug
Components: Server
Affects Versions: 2.1.0
Reporter: Tamás Hanicz
Assignee: Tamás Hanicz

The BC FIPS provider causes a SocketException with a 'Broken pipe' message on
FIPS clusters. It tries to write to a closed connection, which results in HTTP
500 responses from Knox.

The solution catches and ignores this exception at the socket level. The
intercepting socket would only load if the FIPS arg is provided for Knox. This
arg defaults to com.safelogic.cryptocomply.fips.approved_only=true and can be
changed in gateway-site.xml.

{code:java}
java.net.SocketException: Broken pipe (Write failed)
	at java.net.SocketOutputStream.socketWrite0(Native Method)
	at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111)
	at java.net.SocketOutputStream.write(SocketOutputStream.java:155)
	at org.bouncycastle.tls.RecordStream.writeRecord(RecordStream.java:307)
	at org.bouncycastle.tls.TlsProtocol.safeWriteRecord(TlsProtocol.java:927)
	at org.bouncycastle.tls.TlsProtocol.raiseAlertWarning(TlsProtocol.java:1602)
	at org.bouncycastle.tls.TlsProtocol.handleClose(TlsProtocol.java:299)
	at org.bouncycastle.tls.TlsProtocol.close(TlsProtocol.java:1780)
	at org.bouncycastle.jsse.provider.ProvSSLSocketWrap.close(ProvSSLSocketWrap.java:154)
{code}