Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Understanding bad record MAC

"Bad record mac" looks like a TLS Alert.

Typical explanations for this alert is "Possibly a bad SSL implementation, or payload has been tampered with"

I had some buggy versions of openssl that had this bug, but once I upgraded to 1.0.1e it went away.

Joakim Erdfelt <joakim@xxxxxxxxxxx>
Developer advice, services and support
from the Jetty & CometD experts

On Fri, Mar 1, 2013 at 10:29 AM, Mark Wyszomierski <markww@xxxxxxxxx> wrote:
Hi all,

I've been trying to get an ios UIWebView to establish an https connection with a jetty instance (v7.6.9 on a windows machine). The jetty instance is loading an ssl certificate I got from godaddy. For what it's worth, firefox/chrome/safari work just fine with the same endpoint, they don't have any problems with the certificate. 

Mobile safari exhibits a similar problem, though. I don't have log output for that yet. The browser will just timeout.

With debug logging on, I can see an SSLException is thrown when the UIWebView attempts to connect. I have the full log, can post it if it helps. Here's a snippet:

... (note: ip addresses masked) ...
2013-03-01 11:32:47.015:DBUG:oejh.HttpParser:filled 0/0
2013-03-01 11:32:47.015:DBUG:oejin.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@f44fe SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@1de0733,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-14,l=0,c=0},r=0} NOT_HANDSHAKING filled=0/0 flushed=0/0
2013-03-01 11:32:47.030:DBUG:oejin.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] handle SslConnection@f44fe SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false {AsyncHttpConnection@1de0733,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-14,l=0,c=0},r=0} progress=false
2013-03-01 11:32:47.046:DBUG:oejin.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@f44fe SSL NOT_HANDSHAKING i/o/u=389/0/0 ishut=false oshut=false {AsyncHttpConnection@1de0733,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-14,l=0,c=0},r=0} NOT_HANDSHAKING filled=389/389 flushed=0/0
2013-03-01 11:32:47.046:DBUG:oejin.ssl:SCEP@12e1b7f{l(/<->r(/,d=true,open=true,ishut=false,oshut=false,rb=false,wb=false,w=true,i=1r}-{SslConnection@f44fe SSL NEED_WRAP i/o/u=389/0/0 ishut=false oshut=false {AsyncHttpConnection@1de0733,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-14,l=0,c=0},r=0}} bad record MAC
at Source)
at Source)
at Source)
at Source)
at Source)
at Source)
at Source)
at org.eclipse.jetty.http.HttpParser.fill(
at org.eclipse.jetty.http.HttpParser.parseNext(
at org.eclipse.jetty.http.HttpParser.parseAvailable(
at org.eclipse.jetty.server.AsyncHttpConnection.handle(
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(
at org.eclipse.jetty.util.thread.QueuedThreadPool$
at Source)

Any idea where I should continue looking?


jetty-users mailing list

Back to the top