
Problem with Java 1.8 and SSL

thymjonat2
Joined: 2014-02-20

I am using Elluminate Live 10!, which is an old application, and I have no more support. Using Java 1.7.51 everything still works (I had to do some small manipulation but everything works). I tried under Java 1.8 to access my application (which is a JNLP) and I get an error message.

I have a master server which talks with a slave server using JINXSSL, and the problem seems to be between those two.

I don't play so much on those servers so I don't know much.

But there is definitely something in Java 8 that blocks my app. Can someone be kind enough to help me? Is there any change that could have led to this problem?

Thanks

Jon

Attachment: ELL.jpg (60.25 KB)

jjain
Joined: 2014-03-03

Hi All,

Please reply on the above issue.

Thanks

t_heit
Joined: 2005-05-03

I also have problems using SSL connections on JDK 8 (build 129) on Solaris 11.1/x86_64:

I installed Tomcat 8.0.3 on my machine, didn't change anything in its configuration apart from enabling the SSL connector as described in the docs. Accessing Tomcat normally via HTTP on port 8080 works, both with Java 7u51 and Java 8 b129.
Accessing Tomcat via HTTPS on port 8443 only works with Java 7u51; with Java 8 the following error is shown in /logs/catalina.out:

05-Mar-2014 14:06:49.655 SEVERE [http-nio-8443-exec-4] org.apache.coyote.http11.AbstractHttp11Processor.process Error processing request
java.lang.IllegalStateException: Must use either different key or iv for GCM encryption
        at com.oracle.security.ucrypto.NativeGCMCipher.engineDoFinal(NativeGCMCipher.java:359)
        at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:830)
        at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
        at javax.crypto.Cipher.doFinal(Cipher.java:2416)
        at sun.security.ssl.CipherBox.encrypt(CipherBox.java:396)
        at sun.security.ssl.EngineOutputRecord.write(EngineOutputRecord.java:300)
        at sun.security.ssl.EngineOutputRecord.write(EngineOutputRecord.java:225)
        at sun.security.ssl.EngineWriter.writeRecord(EngineWriter.java:186)
        at sun.security.ssl.SSLEngineImpl.writeRecord(SSLEngineImpl.java:1280)
        at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1251)
        at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1166)
        at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
        at org.apache.tomcat.util.net.SecureNioChannel.write(SecureNioChannel.java:498)
        at org.apache.tomcat.util.net.NioBlockingSelector.write(NioBlockingSelector.java:101)
        at org.apache.tomcat.util.net.NioSelectorPool.write(NioSelectorPool.java:173)
        at org.apache.coyote.http11.InternalNioOutputBuffer.writeToSocket(InternalNioOutputBuffer.java:139)
        at org.apache.coyote.http11.InternalNioOutputBuffer.addToBB(InternalNioOutputBuffer.java:197)
        at org.apache.coyote.http11.InternalNioOutputBuffer.access$000(InternalNioOutputBuffer.java:41)
        at org.apache.coyote.http11.InternalNioOutputBuffer$SocketOutputBuffer.doWrite(InternalNioOutputBuffer.java:320)
        at org.apache.coyote.http11.filters.ChunkedOutputFilter.doWrite(ChunkedOutputFilter.java:118)
        at org.apache.coyote.http11.AbstractOutputBuffer.doWrite(AbstractOutputBuffer.java:257)
        at org.apache.coyote.Response.doWrite(Response.java:523)
        at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:391)
        at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:426)
        at org.apache.catalina.connector.OutputBuffer.realWriteChars(OutputBuffer.java:474)
        at org.apache.tomcat.util.buf.CharChunk.flushBuffer(CharChunk.java:393)
        at org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:276)
        at org.apache.catalina.connector.Response.finishResponse(Response.java:409)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:557)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1015)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:652)
        at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1575)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1533)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:744)

Firefox displays the following error:

"An error occurred during a connection to ...:8443.
SSL received a record with an incorrect Message Authentication Code.
(Error: ssl_error_bad_mac_read)"

I'm using a certificate that I signed using my own local CA:

$ keytool -genkeypair -alias tomcat -keyalg RSA
$ keytool -certreq -keyalg RSA -alias tomcat -file tomcat.csr

Sign the request using my own CA:

$ openssl ca -out tomcat.cer -policy policy_anything -days 3650 -infiles tomcat.csr

Import the root CA certificate and the signed certificate into my Tomcat user's keystore:

$ keytool -import -alias root -trustcacerts -file <my-own-root-ca.crt>
$ keytool -import -alias tomcat -file tomcat.cer

Any idea what's going on here?

Unnecessary to mention that the above stack trace is the only error I see in the Tomcat logs, and that Tomcats flawlessly...
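
The exception text in the stack trace above refers to the JCE rule that a GCM cipher must not encrypt twice under the same key and IV. The following is an added example, not part of the thread, that exercises that rule with the JDK's default provider rather than the Solaris `ucrypto` provider named in the trace, so the exact exception messages may differ; the class name and sample data are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.SecureRandom;

public class GcmIvReuseDemo {
    private static final int TAG_BITS = 128; // GCM authentication tag length
    private static final int IV_BYTES = 12;  // 96-bit IV, the usual GCM size

    public static void main(String[] args) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        SecureRandom rng = new SecureRandom();
        byte[] iv = new byte[IV_BYTES];
        rng.nextBytes(iv);
        // Constructed sample plaintext standing in for one outgoing record.
        byte[] record = "constructed sample record".getBytes(StandardCharsets.UTF_8);

        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] first = gcm.doFinal(record);
        System.out.println("first encryption ok, " + first.length + " bytes incl. tag");

        // Case 1: encrypt again without re-initialising (same key, same IV).
        try {
            gcm.doFinal(record);
            System.out.println("second doFinal accepted: provider does not enforce the rule");
        } catch (IllegalStateException e) {
            System.out.println("second doFinal rejected: " + e.getMessage());
        }
        // Case 2: re-initialise explicitly with the same key and the same IV.
        try {
            gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
            System.out.println("re-init with same IV accepted: provider does not enforce the rule");
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("re-init with same IV rejected: " + e.getMessage());
        }
        // Case 3: the required pattern, a fresh IV for every encryption under one key.
        byte[] nextIv = new byte[IV_BYTES];
        rng.nextBytes(nextIv);
        gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nextIv));
        byte[] second = gcm.doFinal(record);
        System.out.println("fresh IV ok, " + second.length + " bytes incl. tag");
    }
}
```

Running it under the same JDK build and provider configuration as the failing server shows whether the provider in use enforces the rule on the second encryption.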

wetmore
Joined: 2005-04-29

This is now being tracked as: https://bugs.openjdk.java.net/browse/JDK-8036970

t_heit
Joined: 2005-05-03

Great, thanks.