When connecting to the Openfire server directly, no issues are noticed, but when connecting to OFS through the connection manager with SSL enabled, we are unable to connect.
We enabled debug mode, during which the following was logged:
***ServerHelloDone
client-4, WRITE: TLSv1.2 Handshake, length = 880
client-6, fatal error: 80: problem unwrapping net record
javax.net.ssl.SSLException: Unsupported record version Unknown-47.115
%% Invalidated: [Session-58, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
client-6, SEND TLSv1.2 ALERT: fatal, description = internal_error
client-6, WRITE: TLSv1.2 Alert, length = 2
client-6, called closeInbound()
client-6, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
After the error, no more connections are noticed and the system fails without any more logical errors.
Note: Only TLS algorithms are enabled in the system. The SASL mechanism in the server is configured properly.
In the logs, the following error messages are noticed:
javax.net.ssl.SSLHandshakeException: SSL handshake failed.
	at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416)
	at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
	at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
	at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
	at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:239)
	at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:283)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
	at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLException: Unsupported record version Unknown-47.115
	at sun.security.ssl.InputRecord.checkRecordVersion(InputRecord.java:552)
	at sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:113)
	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:868)
	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
	at org.apache.mina.filter.support.SSLHandler.unwrap0(SSLHandler.java:658)
	at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:614)
	at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:493)
	at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306)
	at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)
	... 9 more
We looked at the checkRecordVersion(InputRecord.java:552) method and found that the SSL version check is done there. Still, we were unable to find the nature of the issue.
Any hints on how to solve the issue?
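
An added diagnostic example, not part of the original post and not Openfire or Connection Manager code: JSSE reports an unrecognized record version as Unknown-<major>.<minor> from the two raw bytes that follow the content-type byte, so the Python sketch below recovers those bytes from the log line and classifies a 5-byte record header. The function names and the two sample headers are assumptions constructed for illustration.

```python
import re

# TLS record header: 1-byte content type, 2-byte version, 2-byte length.
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
TLS_VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1",
                (3, 3): "TLSv1.2"}
MAX_RECORD_LEN = 2 ** 14 + 2048  # ciphertext upper bound in TLS 1.2

UNKNOWN_RE = re.compile(r"Unsupported record version Unknown-(\d+)\.(\d+)")


def version_bytes_from_log(line):
    """Return the two raw version bytes JSSE printed as Unknown-<major>.<minor>."""
    m = UNKNOWN_RE.search(line)
    if not m:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    if major > 255 or minor > 255:
        return None
    return bytes([major, minor])


def classify_header(header):
    """Classify the first 5 bytes received where a TLS record is expected."""
    if len(header) < 5:
        return "short read"
    ctype, version = header[0], (header[1], header[2])
    length = int.from_bytes(header[3:5], "big")
    if ctype in TLS_CONTENT_TYPES and version in TLS_VERSIONS:
        if length > MAX_RECORD_LEN:
            return "TLS header with oversized length"
        return f"{TLS_VERSIONS[version]} {TLS_CONTENT_TYPES[ctype]} record"
    if all(0x20 <= b < 0x7F or b in (0x09, 0x0A, 0x0D) for b in header):
        return f"printable ASCII {header.decode('ascii')!r}: not TLS, likely plaintext"
    return "not a TLS record"


# Line copied from the trace above.
LOG_LINE = "javax.net.ssl.SSLException: Unsupported record version Unknown-47.115"
# Constructed sample inputs (not captured traffic).
SAMPLE_TLS = bytes([22, 3, 3, 0x03, 0x70])  # handshake, TLSv1.2, length 880
SAMPLE_PLAINTEXT = b"</str"                 # start of an XML closing tag

if __name__ == "__main__":
    vb = version_bytes_from_log(LOG_LINE)
    print("version bytes:", vb.hex(), "ASCII:", vb.decode("ascii"))
    print(classify_header(SAMPLE_TLS))
    print(classify_header(SAMPLE_PLAINTEXT))
```

The version bytes 47 and 115 are 0x2F 0x73, ASCII "/s". Printable ASCII in that field means the bytes read at that point were not a TLS record, which is consistent with one side sending unencrypted text (for example something beginning "</s") while the other side expects TLS.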