Reputation: 83
getting "javax.net.ssl.SSLException: MAC data does not match" while creating a TLS connection
![enter image description here][1] ![enter image description here][2] ![enter image description here][3]
I am trying to create a secure connection between client and server. Client is supporting TLSv1.2 and Server is supporting TLSv1.0. But getting "javax.net.ssl.SSLException: MAC data does not match" exception.
here is the printstacktrace :
javax.net.ssl.SSLException: MAC data does not match.
at com.rsa.sslj.x.aJ.b(Unknown Source)
at com.rsa.sslj.x.aJ.a(Unknown Source)
at com.rsa.sslj.x.aJ.a(Unknown Source)
at com.rsa.sslj.x.aU.c(Unknown Source)
at com.rsa.sslj.x.aU.a(Unknown Source)
at com.rsa.sslj.x.aU.h(Unknown Source)
at com.rsa.sslj.x.cI.startHandshake(Unknown Source)
at com.sun.jndi.ldap.ext.StartTlsResponseImpl.startHandshake(StartTlsResponseImpl.java:361)
at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:225)
at com.cisco.ccm.admin.utilities.LdapUtil.validateHost(LdapUtil.java:383)
at com.cisco.ccm.admin.utilities.LdapUtil.validateHost(LdapUtil.java:289)
I checked in my code the enabled protcols are SSLv3, TLSv1 , TLSv1.1 and TLSv1.2 using getEnabledProtocols() method. I have read in the TLSv1.2 rfc that if the server is supporting the lower version of TLS then client, client should negotiate with lower version of TLS.
But in my case, i am getting the above exception.(why ??... that shouldnot happen and negotiate with the TLSv1).
NOTE : Also, if i set the enabled protocol as TLSv1 only, then i am able to create a TLS connection.
Please help me out. Thanks
[1]: https://i.sstatic.net/RC4Ha.jpg
[2]: https://i.sstatic.net/rjXjq.jpg
[3]: https://i.sstatic.net/WIRvF.jpg
Upvotes: 0
Views: 454
Answers (1)
Reputation: 5538
It is definitely a problem of version incompatible. One thing for sure is that TLS is the new name for SSL. Namely, SSL protocol got to version 3.0; TLS 1.0 is "SSL 3.1". TLS versions currently defined include TLS 1.1 and 1.2.
Also, the following wiki link (http://en.wikipedia.org/wiki/Transport_Layer_Security) shows that
All TLS versions were further refined in RFC 6176 in March 2011 removing their backward compatibility with SSL such that TLS sessions will never negotiate the use of Secure Sockets Layer (SSL) version 2.0.
Also between TLS and SSL, the MAC/HMAC differs (TLS uses HMAC whereas SSL uses an earlier version of HMAC). I am suspecting that somehow your code still might be picking us SSL. Could you please disable SSL and try again?
Upvotes: 0
Related Questions
- How to connect LDAP with TLS by JAVA
- SSLHandshakeException while connection to LDAPS(Active Directory)
- LDAP Access - javax.naming.CommunicationException: simple bind failed
- Java 7 with TLSv1.2 connect to LDAPS handshake failure
- LDAP connection throwing SunCertPathBuilderException, on alternate connections on linux
- LDAP - error: 'Cannot send the simple bind request: SSLException(Unrecognized SSL message, plaintext connection?)'
- LDAPConnection (org.apache.directory.ldap.client.api.LdapConnection) fails on ssl
- How to ensure LDAP connection over SSL from JNDI
- Implementing LDAP over TLS
- Authenticate via LDAP fails when using TLS