CODEWITHSUNDEEP
javasslhttps
Amith
Amith

Reputation: 1967

javax.net.ssl.SSLException: Received fatal alert: bad_record_mac

I'm getting a javax.net.ssl.SSLException: Received fatal alert: bad_record_mac for an HTTPS connection. This doesn't happen for every request -- if I send the same request in 10 times I only get this error once or twice.

I have the following code to validate the certificate:

TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            public void checkClientTrusted(X509Certificate[] certs, String authType) {
            }

            public void checkServerTrusted(X509Certificate[] certs, String authType) {
            }

        } };

        try {
            SSLContext sslContext = null;
                try {
                    sslContext = SSLContext.getInstance("SSLv3");
                    
                } catch (NoSuchAlgorithmException e3) {
                    logException(Arrays.toString(e3.getStackTrace()));          
            }

            sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
            SSLSocketFactory factory = sslContext.getSocketFactory();
            HttpsURLConnection.setDefaultSSLSocketFactory(factory);
        } catch (KeyManagementException e) {
            logException(Arrays.toString(e.getStackTrace()));
        }

        // Create all-trusting host name verifier
        HostnameVerifier allHostsValid = new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };
        // Install the all-trusting host verifier
        HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        /*
         * end of the fix
         */

I've set two system properties in my main method:

System.setProperty("jsse.enableSNIExtension", "false");
        System.setProperty("https.protocols", "SSLv3");

But nothing helps.

Upvotes: 9

Views: 41421

Answers (3)

swist
swist

Reputation: 1171

It is a hard to say what causing this. You need to find out by analyzing the logs. Enable debug by setting property:

System.setProperty("javax.net.debug", "all");

and check what is wrong.

A problem may be that the server is not supporting TLS, which may be picked by the implementation. To make sure that you always use the plain SSLv3 set the property:

System.setProperty("https.protocols", "SSLv3");

Upvotes: 4

Alex
Alex

Reputation: 3076

Try set com.sun.net.ssl.rsaPreMasterSecretFix to true.

Upvotes: 2

Old Pro
Old Pro

Reputation: 25537

According to this rubygems issue and the detailed description of the error (see below), it appears to be a bug in Oracle's JDK that is not present in OpenJDK. I recall (but cannot verify) that there was a bug in OpenSSL that also caused this error, so you may want to check the software on the other side of the connection.

You can read more details about what this error means here.

Upvotes: 5

Related Questions