javax.net.ssl.SSLException: Received fatal alert: bad_record_mac with Java and https

Question

I am getting the exception as stated in the title of the question, while connecting to server using HTTPS in Java using HttpsURLConnection class. Also I am trying to skip the certificate validation using the second last answer. Can anyone please suggest me any way out?

Update 1: Stack trace

javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1720)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:954)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
    at com.kuliza.sitepulse.thread.HttpConnectionThread.run(HttpConnectionThread.java:77)
    at java.lang.Thread.run(Thread.java:662)

I am getting the exception for the line of code: http.connect(); where http is of the type HttpsURLConnection class.

Update 2: SSL log

Here are the SSL Handshake logs:

[Raw read]: length = 5
0000: 15 03 00 00 02                                     .....
[Raw read]: length = 2
0000: 02 14                                              ..
Thread-6, READ: SSLv3 Alert, length = 2
Thread-6, RECV SSLv3 ALERT:  fatal, bad_record_mac
Thread-6, called closeSocket()

Any lead please, this is driving me nuts!!

Thanks in advance!

Answer 1

I know this is coming in way late, but it might help someone, right?

It might help if you include more of the debug output for the ssl connection leading up to the error which you included. I was seeing the same error and just solved it by including -Dhttps.protocols=SSLv3 -Dforce.http.jre.executor=true in my VM arguements ... so if you're lucky, that might work for you too.

Here's my trace:

SESSION KEYGEN:
PreMaster Secret:
0000: 03 00 31 86 59 ED 17 07   6C 37 1F 17 19 B4 A1 16  ..1.Y...l7......
0010: 30 99 60 A1 31 BB 3A 0A   0E 7F 61 F5 7E 4F 35 7A  0.`.1.:...a..O5z
0020: 21 6F 1D 63 42 A1 63 43   5E 48 B2 67 35 E3 DA DF  !o.cB.cC^H.g5...
CONNECTION KEYGEN:
Client Nonce:
0000: 52 65 F0 96 23 24 71 D6   51 1A EF D6 31 D1 39 2A  Re..#$q.Q...1.9*
0010: 13 13 2E 41 8C 7E 80 B8   C0 6E 8A 8C 4E 5A CD FA  ...A.....n..NZ..
Server Nonce:
0000: 52 65 F0 96 CD 4B BE A9   E1 F8 34 B3 C3 23 14 35  Re...K....4..#.5
0010: 05 4F 5C 18 D7 10 5E 80   7B FF 73 DA 85 60 84 8C  .O\...^...s..`..
Master Secret:
0000: 0D 11 FE 0D CD 99 C3 3F   D9 40 CF BC 2E C7 40 5E  .......?.@....@^
0010: B0 C5 4F 75 4A 0A 39 1E   E2 0F 54 E1 A1 7F CE 72  ..OuJ.9...T....r
0020: 4F 99 8F E2 D9 7F C1 AC   FD D0 89 62 F7 72 F9 6F  O..........b.r.o
Client MAC write Secret:
0000: 80 7C C8 E7 02 6D 29 A3   E2 E5 BA 44 94 18 19 65  .....m)....D...e
0010: 63 5D 5D 8A                                        c]].
Server MAC write Secret:
0000: 06 58 B6 2F 03 FB E7 C6   48 1F 68 5C 10 DD 58 8D  .X./....H.h\..X.
0010: 36 7B AC AA                                        6...
Client write key:
0000: B5 C6 23 1E 88 F2 30 76   39 18 AB 0C 71 94 E7 8A  ..#...0v9...q...
Server write key:
0000: 9D 49 1C 52 13 B9 F8 44   DA 87 6C 1C 93 CD 9C 8B  .I.R...D..l.....
Client write IV:
0000: 07 1A A6 47 7E 6E 2B F4   A6 7A 6D DC 5E 74 E8 0F  ...G.n+..zm.^t..
Server write IV:
0000: 32 93 23 CC F4 83 1F 2C   B7 22 28 8C A2 7D B1 01  2.#....,."(.....
main, WRITE: SSLv3 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 00 00 01 01                                  ......
*** Finished
verify_data:  { 179, 120, 197, 29, 60, 98, 37, 252, 37, 183, 141, 166, 140, 77, 63, 118, 23, 245, 11, 144, 27, 201, 63, 22, 192, 187, 40, 220, 78, 17, 118, 104, 112, 238, 156, 176 }
***
[write] MD5 and SHA1 hashes:  len = 40
0000: 14 00 00 24 B3 78 C5 1D   3C 62 25 FC 25 B7 8D A6  ...$.x..<b%.%...
0010: 8C 4D 3F 76 17 F5 0B 90   1B C9 3F 16 C0 BB 28 DC  .M?v......?...(.
0020: 4E 11 76 68 70 EE 9C B0                            N.vhp...
Padded plaintext before ENCRYPTION:  len = 64
0000: 14 00 00 24 B3 78 C5 1D   3C 62 25 FC 25 B7 8D A6  ...$.x..<b%.%...
0010: 8C 4D 3F 76 17 F5 0B 90   1B C9 3F 16 C0 BB 28 DC  .M?v......?...(.
0020: 4E 11 76 68 70 EE 9C B0   46 F4 59 24 44 F1 C3 A8  N.vhp...F.Y$D...
0030: 7E FB 80 EB AD 74 35 28   64 31 65 80 03 03 03 03  .....t5(d1e.....
main, WRITE: SSLv3 Handshake, length = 64
[Raw write]: length = 69
0000: 16 03 00 00 40 FE A7 C8   1D 6D 2E A8 A5 C7 78 8D  ....@....m....x.
0010: 68 04 B2 55 42 B3 3C C1   A2 90 F1 A5 9B 39 1D 96  h..UB.<......9..
0020: 53 43 65 15 2A 17 2C 43   70 AE 8C B5 EE 63 C3 91  SCe.*.,Cp....c..
0030: 73 BC D1 45 34 B1 76 46   B8 C5 CE BF 5E 15 72 E6  s..E4.vF....^.r.
0040: FE 16 9C 43 64                                     ...Cd
[Raw read]: length = 5
0000: 15 03 00 00 02                                     .....
[Raw read]: length = 2
0000: 02 14                                              ..
main, READ: SSLv3 Alert, length = 2
main, RECV SSLv3 ALERT:  fatal, bad_record_mac
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLException: Received fatal alert: bad_record_mac