S2S between two Tigase instances doesn't work in non-hardened mode (#1060)
wojciech.kapcia@tigase.net opened 5 years ago

While working on #systems-67: trying to establish an S2S connection between the two Tigase instances results in the following exceptions.

  • accepting node:
javax.net.ssl.SSLHandshakeException: Tag mismatch!
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:129)
        at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:668)
        at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:623)
        at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:441)
        at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:420)
        at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:634)
        at tigase.io.JcaTLSWrapper.unwrap(JcaTLSWrapper.java:236)
        at tigase.io.TLSIO.decodeData(TLSIO.java:344)
        at tigase.io.TLSIO.read(TLSIO.java:170)
        at tigase.net.IOService.readData(IOService.java:727)
        at tigase.xmpp.XMPPIOService.processSocketData(XMPPIOService.java:456)
        at tigase.net.IOService.call(IOService.java:182)
        at tigase.xmpp.XMPPIOService.call(XMPPIOService.java:144)
        at tigase.xmpp.XMPPIOService.call(XMPPIOService.java:49)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
        at java.base/com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:623)
        at java.base/com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1116)
        at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1053)
        at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:941)
        at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:491)
        at java.base/javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:779)
        at java.base/javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
        at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2497)
        at java.base/sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1887)
        at java.base/sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(SSLEngineInputRecord.java:240)
        at java.base/sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:197)
        at java.base/sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:160)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
        at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:668)
        at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:623)
        at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:441)
        at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:420)
        at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:634)
        at tigase.io.JcaTLSWrapper.unwrap(JcaTLSWrapper.java:236)
        at tigase.io.TLSIO.decodeData(TLSIO.java:344)
        at tigase.io.TLSIO.read(TLSIO.java:170)
        at tigase.net.IOService.readData(IOService.java:727)
        at tigase.xmpp.XMPPIOService.processSocketData(XMPPIOService.java:456)
        at tigase.net.IOService.call(IOService.java:182)
        at tigase.xmpp.XMPPIOService.call(XMPPIOService.java:144)
        at tigase.xmpp.XMPPIOService.call(XMPPIOService.java:49)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)
  • connecting node:
java.io.IOException: Connection reset by peer
        at java.base/sun.nio.ch.FileDispatcherImpl.read0(Native Method)
        at java.base/sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
        at java.base/sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:276)
        at java.base/sun.nio.ch.IOUtil.read(IOUtil.java:233)
        at java.base/sun.nio.ch.IOUtil.read(IOUtil.java:223)
        at java.base/sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:358)
        at tigase.io.SocketIO.read(SocketIO.java:177)
        at tigase.io.TLSIO.read(TLSIO.java:163)
        at tigase.net.IOService.readData(IOService.java:729)
        at tigase.xmpp.XMPPIOService.processSocketData(XMPPIOService.java:456)
        at tigase.net.IOService.call(IOService.java:184)
        at tigase.xmpp.XMPPIOService.call(XMPPIOService.java:144)
        at tigase.xmpp.XMPPIOService.call(XMPPIOService.java:49)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)
wojciech.kapcia@tigase.net commented 4 years ago

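Checked it with the current HardenedMode settings (relaxed/secure/strict) and it worked. The issue was most likely caused by issue #1101 (hardened mode was not enabling TLS 1.3, and disabling hardened mode was actually enabling TLS 1.3). This is consistent with the accepting node's trace above, where the handshake fails on an AEAD tag mismatch inside the TLS 1.3 GCM read cipher (`SSLCipher$T13GcmReadCipherGenerator`), i.e. non-hardened mode was negotiating TLS 1.3.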

Type
Bug
Priority
Normal
Assignee
Version
tigase-server-8.1.0, tigase-server-8.0.1
Spent time
1h 45m
Reference
tigase/_server/server-core#1060