[
https://issues.apache.org/jira/browse/DIRMINA-1186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17934508#comment-17934508
]
Eissam Yassin edited comment on DIRMINA-1186 at 3/12/25 12:53 PM:
------------------------------------------------------------------
Hello [~elecharny]
It is looks like that we are facing the same problem after upgrading from 2.2.1
to 2.2.4, we are rolling back to 2.2.1. We get the following exception:
0311_08:37:43.037, "Io Exception in Em<->Gw connection named 'GW'", [INFO],
T@93, T:ctm.COMM_EM.93, , , COMM_EM,
EmDsectProtocolIoHandlare::exceptionCaught, "javax.net.ssl.SSLException:
Received fatal alert: bad_record_mac
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
at
java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:204)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at
java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:736)
at
java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:691)
at
java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:506)
at
java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:482)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679)
at
org.apache.mina.filter.ssl.SSLHandlerG1.receive_loop(SSLHandlerG1.java:250)
at
org.apache.mina.filter.ssl.SSLHandlerG1.receive_start(SSLHandlerG1.java:201)
at
org.apache.mina.filter.ssl.SSLHandlerG1.receive(SSLHandlerG1.java:179)
at
org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:441)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128)
at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:122)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:643)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:539)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1224)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1213)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683)
at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:842)
", ^M
0311_08:37:43.045, "Io Exception in Em<->Gw connection named 'GW'", [INFO],
T@93, T:ctm.COMM_EM.93, , , COMM_EM,
EmDsectProtocolIoHandlare::exceptionCaught, "java.net.SocketException:
Connection reset
at
java.base/sun.nio.ch.SocketChannelImpl.throwConnectionReset(SocketChannelImpl.java:394)
at
java.base/sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:426)
at
org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:378)
at
org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:47)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:519)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1224)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1213)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683)
at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:842)
", ^M
0311_08:37:43.045, "Io Exception in Em<->Gw connection named 'GW'", [INFO],
T@93, T:ctm.COMM_EM.93, , , COMM_EM,
EmDsectProtocolIoHandlare::exceptionCaught,
"org.apache.mina.core.write.WriteRejectedException: closing
at
org.apache.mina.filter.ssl.SSLHandlerG1.close_start(SSLHandlerG1.java:719)
at org.apache.mina.filter.ssl.SSLHandlerG1.close(SSLHandlerG1.java:697)
at org.apache.mina.filter.ssl.SslFilter.onClose(SslFilter.java:342)
at
org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:423)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:606)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilterChain.java:49)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed(DefaultIoFilterChain.java:1092)
at
org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter.java:98)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:606)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(DefaultIoFilterChain.java:599)
at
org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:255)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.removeNow(AbstractPollingIoProcessor.java:1144)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.removeSessions(AbstractPollingIoProcessor.java:864)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:694)
at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:842)
You wrote "or rollback to 2.2.3 for the SslFilter part, but keep the CVE fix
from 2.2.4, waiting for the previous option."
What do you mean with "keep the CVE fix from 2.2.4"?
Thanks,
Eissam Yassin
was (Author: JIRAUSER302469):
Hello [~elecharny]
We are facing the same problem after upgrading from 2.2.1 to 2.2.4, we are
rolling back to 2.2.1.
You wrote "or rollback to 2.2.3 for the SslFilter part, but keep the CVE fix
from 2.2.4, waiting for the previous option."
What do you mean with "keep the CVE fix from 2.2.4"?
Thanks,
Eissam Yassin
> 2.2.4 release causes some failure during TLS message exchanges
> --------------------------------------------------------------
>
> Key: DIRMINA-1186
> URL: https://issues.apache.org/jira/browse/DIRMINA-1186
> Project: MINA
> Issue Type: Bug
> Affects Versions: 2.2.4
> Reporter: Emmanuel Lécharny
> Priority: Blocker
> Fix For: 2.2.5
>
>
> When sending big messages in Apache Directory Server (above the 16K TLS
> packet limit), we get some error, like this one:
> {code:java}
> javax.net.ssl|SEVERE|12|NioProcessor-2|2025-02-13 05:05:37.219
> CET|TransportContext.java:316|Fatal (BAD_RECORD_MAC): Tag mismatch! (
> "throwable" : {
> javax.crypto.AEADBadTagException: Tag mismatch!
> at
> com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:620)
> at
> com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1116)
> at
> com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1053)
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:941)
> at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:491)
> at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:779)
> at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
> at javax.crypto.Cipher.doFinal(Cipher.java:2463)
> at
> sun.security.ssl.SSLCipher$T12GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1606)
> at
> sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(SSLEngineInputRecord.java:240)
> at
> sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:197)
> at
> sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:160)
> at sun.security.ssl.SSLTransport.decode(SSLTransport.java:109)
> at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:575)
> at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:531)
> at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:398)
> at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:377)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
> at
> org.apache.mina.filter.ssl.SSLHandlerG1.receive_loop(SSLHandlerG1.java:250)
> at
> org.apache.mina.filter.ssl.SSLHandlerG1.receive_loop(SSLHandlerG1.java:311)
> at
> org.apache.mina.filter.ssl.SSLHandlerG1.receive_loop(SSLHandlerG1.java:311)
> at
> org.apache.mina.filter.ssl.SSLHandlerG1.receive_start(SSLHandlerG1.java:201)
> at
> org.apache.mina.filter.ssl.SSLHandlerG1.receive(SSLHandlerG1.java:179)
> at
> org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:441)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128)
> at
> org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:122)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:643)
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:539)
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68)
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1224)
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1213)
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683)
> at
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)}
> )
> {code}
> This never happens in 2.2.2 or 2.2.3. I think there a regression has been
> introduced in the rewritten SslFilter and the associated classes.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
