[ https://issues.apache.org/jira/browse/DIRMINA-1186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17941474#comment-17941474 ]
Emmanuel Lécharny commented on DIRMINA-1186: -------------------------------------------- Hi Jonathan, I have no idea if the writer side has a thread pool, but we must assume it has. The task execution should obviously be thread safe, and I can add the synchronized on the execute_task method. I have an issue with the way it's globally work, from the top of my head since I haven't had time to look at the code in the past 2 monts, but I remember that there is a recursive call that many be removed. But again, this is from the top of my head... > 2.2.4 release causes some failure during TLS message exchanges > -------------------------------------------------------------- > > Key: DIRMINA-1186 > URL: https://issues.apache.org/jira/browse/DIRMINA-1186 > Project: MINA > Issue Type: Bug > Affects Versions: 2.2.4 > Reporter: Emmanuel Lécharny > Priority: Blocker > Fix For: 2.2.5 > > > When sending big messages in Apache Directory Server (above the 16K TLS > packet limit), we get some error, like this one: > {code:java} > javax.net.ssl|SEVERE|12|NioProcessor-2|2025-02-13 05:05:37.219 > CET|TransportContext.java:316|Fatal (BAD_RECORD_MAC): Tag mismatch! ( > "throwable" : { > javax.crypto.AEADBadTagException: Tag mismatch! > at > com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:620) > at > com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1116) > at > com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1053) > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:941) > at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:491) > at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:779) > at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730) > at javax.crypto.Cipher.doFinal(Cipher.java:2463) > at > sun.security.ssl.SSLCipher$T12GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1606) > at > sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(SSLEngineInputRecord.java:240) > at > sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:197) > at > sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:160) > at sun.security.ssl.SSLTransport.decode(SSLTransport.java:109) > at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:575) > at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:531) > at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:398) > at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:377) > at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626) > at > org.apache.mina.filter.ssl.SSLHandlerG1.receive_loop(SSLHandlerG1.java:250) > at > org.apache.mina.filter.ssl.SSLHandlerG1.receive_loop(SSLHandlerG1.java:311) > at > org.apache.mina.filter.ssl.SSLHandlerG1.receive_loop(SSLHandlerG1.java:311) > at > org.apache.mina.filter.ssl.SSLHandlerG1.receive_start(SSLHandlerG1.java:201) > at > org.apache.mina.filter.ssl.SSLHandlerG1.receive(SSLHandlerG1.java:179) > at > org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:441) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128) > at > org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:122) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:643) > at > org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:539) > at > org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68) > at > org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1224) > at > org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1213) > at > org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683) > at > org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748)} > ) > {code} > This never happens in 2.2.2 or 2.2.3. I think there a regression has been > introduced in the rewritten SslFilter and the associated classes. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org