powered by Jive Software

Bug? javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: bad record MAC

At this point I am not certain of this is Connection Manager module problem or the client but because it is client that blows up, I am posting it to this group.

I have 2 clients written in Smack 3.0.4 - one of them posts a large number of messages, the other one reads them from the server using PacketListener. Everything works fine if I connect both clients directly to the server. However if a client that reads messages is connected to the Connection Manager, I get a SSLException with the following stack trace:

javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: bad record MAC

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1173)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1185)

at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:43)

at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)

at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:404)

at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408)

at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)

at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)

at java.io.BufferedWriter.flush(BufferedWriter.java:236)

at org.jivesoftware.smack.PacketWriter.writePackets(PacketWriter.java:274)

at org.jivesoftware.smack.PacketWriter.access$000(PacketWriter.java:40)

at org.jivesoftware.smack.PacketWriter$1.run(PacketWriter.java:87)

Caused by: javax.net.ssl.SSLException: bad record MAC

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1480)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:784)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:68 0)

at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)

at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)

at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)

at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)

at java.io.InputStreamReader.read(InputStreamReader.java:167)

at java.io.BufferedReader.fill(BufferedReader.java:136)

at java.io.BufferedReader.read1(BufferedReader.java:187)

at java.io.BufferedReader.read(BufferedReader.java:261)

at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2971)

at org.xmlpull.mxp1.MXParser.more(MXParser.java:3025)

at org.xmlpull.mxp1.MXParser.nextImpl(MXParser.java:1144)

at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093)

at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:368)

at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:44)

at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:76)

javax.net.ssl.SSLException: bad record MAC

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1480)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:784)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:68 0)

at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)

at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)

at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)

at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)

at java.io.InputStreamReader.read(InputStreamReader.java:167)

at java.io.BufferedReader.fill(BufferedReader.java:136)

at java.io.BufferedReader.read1(BufferedReader.java:187)

at java.io.BufferedReader.read(BufferedReader.java:261)

at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2971)

at org.xmlpull.mxp1.MXParser.more(MXParser.java:3025)

at org.xmlpull.mxp1.MXParser.nextImpl(MXParser.java:1144)

at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093)

at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:368)

at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:44)

at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:76)

Connection Manager warn.log contains message, which matches time stamp of SSLException , but I am not 100% certain if this is the cause of the client error or result of closed connection by the client (I am leaning toward the second hypothesis) :

IQ stanza with invalid type was discarded: <iq type=“error” id=“272-70298” from=“nc01” to=“nc02/Connection Worker - 1”><session xmlns=“http://jabber.org/protocol/connectionmanager” id=“nc02ae17f8b4”><failed><message id=“vk75F-5003” to=“trackconsumer@nc01” from=“radarpublisher@nc01/Smack” type=“chat”><body><radartrack><track_id>234567</track_i d><lat>93.747</lat><lon>-65.34</lon><alt>12454& lt;/alt><vel>356</vel></radartrack></body><thread& gt;mfTh10</thread><x xmlns=“jabber:x:delay” from=“nc01” stamp=“20070904T20:35:59”/></message></failed></session>&l t;error code=“404” type=“cancel”><item-not-found xmlns=“urn:ietf:params:xml:ns:xmpp-stanzas”/></error></iq>

The only way I managed to avoid the above error was if both sides where actively connected and writing client would sleep for at least 10 milliseconds between each message being sent. My attempts to slow the reading client (by putting the PacketListener.processPacket method to sleep for the same time before I process the packet) were unsuccessful, but that doesn’t surprise me because I assume the actual reading from the socket happens in another thread.

The code is very simple: writer creates connection and chat object and then in a loop sends 5000 messages. The reader creates connection and then uses the following: PacketFiler with ToContainsFiler and PacketTypeFilter for Message.class and PacketListener impl which gets message body and spits to stdout.

Has anybody seen this error before and has a workable solution which doesn’t not involve slowing down writer (besides this will not work for offline messages that were stored in the server db) ? Should that be logged as a bug for Smack API?