Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL OpenJDK Error in Membrane Dockerimage 5.1 #710

Closed
predic8 opened this issue Aug 30, 2023 · 2 comments
Closed

SSL OpenJDK Error in Membrane Dockerimage 5.1 #710

predic8 opened this issue Aug 30, 2023 · 2 comments
Assignees
@predic8
Milestone
5.2.0

Comments

@predic8
Copy link
Member

predic8 commented Aug 30, 2023

During SSL Handshake you get:

javax.net.ssl.SSLHandshakeException: Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)
at sun.security.ssl.Alert.createSSLException(Unknown Source) ~[?:?]
at sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:?]
at sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:?]
at sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:?]
at sun.security.ssl.SSLTransport.decode(Unknown Source) ~[?:?]
at sun.security.ssl.SSLSocketImpl.decode(Unknown Source) ~[?:?]
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:?]
at sun.security.ssl.SSLSocketImpl.ensureNegotiated(Unknown Source) ~[?:?]
at sun.security.ssl.SSLSocketImpl$AppInputStream.read(Unknown Source) ~[?:?]
at java.io.BufferedInputStream.fill(Unknown Source) ~[?:?]
at java.io.BufferedInputStream.implRead(Unknown Source) ~[?:?]
at java.io.BufferedInputStream.read(Unknown Source) ~[?:?]
at com.predic8.membrane.core.transport.http.HttpServerHandler.run(HttpServerHandler.java:98) ~[service-proxy-core-5.1.19.jar:5.1.19]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) ~[?:?]
at java.lang.Thread.run(Unknown Source) ~[?:?]
Caused by: javax.crypto.BadPaddingException: Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)
at sun.security.ssl.SSLCipher$T13CC20P1305ReadCipherGenerator$CC20P1305ReadCipher.decrypt(Unknown Source) ~[?:?]
at sun.security.ssl.SSLSocketInputRecord.decodeInputRecord(Unknown Source) ~[?:?]
at sun.security.ssl.SSLSocketInputRecord.decode(Unknown Source) ~[?:?]
... 13 more

This is a know issue in OpenJDK

See: https://bugs.openjdk.org/browse/JDK-8221218

We should update the Docker Image in Membrane 5.2.
@predic8 predic8 self-assigned this Aug 30, 2023
@predic8 predic8 added this to the 5.2.0 milestone Aug 30, 2023
@koin612
Copy link
Contributor

koin612 commented Aug 30, 2023

I think we should also check for #562 in this case.

@predic8
Copy link
Member Author

predic8 commented Aug 31, 2023

I could not reproduce it locally. Maybe it only happens with some server. We will change the base image of the dockerfile to a stable Java 17 and see.

@predic8 predic8 closed this as completed Aug 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@predic8 predic8

Labels
None yet
Projects
None yet
Milestone
5.2.0
Development

No branches or pull requests
2 participants
@predic8 @koin612