javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
Had an issue with a user unable to log in, put the server into debug mode and captured this
The client in debug just notes this:
I removed the user from a shared roster and the login now works. Wonder if openfire is generating some bad xml or something, hmmm
Linux 64bit RHEL6 Sun java 1.6.0
I'm gonna mark this as resolved. I was finally able to get this pushed to production yesterday and it resolved the issue.
I replaced the MINA SSL filter with a version that is based on the source of the latest 1.1 branch of MINA (which we already used), but patched with a fix similar to the one described above and in DIRMINA-914. Daryl tested the new Openfire build, and confirmed that the issue appears to be solved.
I invite you all to try out the fix. It can be obtained through this Bamboo build: http://bamboo.igniterealtime.org/browse/OPENFIRE-TRUNK/latest (use build number 393 or later). The nightlies that are available on igniterealtime.org will be updated tonight.
My first pass of testing trunk for this bug looks promising. I was able to construct a roster stanza of 16113 bytes and the client was not disconnected. With 3.8.2, this bug would occur.
By the by, my environment is Debian 7.1 Wheezy using the openfire_3.8.2_all.deb installer.
The javax.net.ssl.SSLException was reported for me in versions 3.8.0, 3.8.1, and 3.8.2. When I loaded 3.7.1 and finally got logged in, no one could see a roster, despite being connected. Unsure if the error was present during that version in my environment, however I do know for a fact that it was present in all the 3.8.x versions.
I've used the following jvms:
openjdk-6-jre:amd64 (6b27 and 6b25)
jre1.7.0_25 (Oracle Java)
Currently I am running openfire under jre1.7.0_25