Intermittent SSL failure on Tomcat port

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi All, 

I have an issue where intermittent SSL connection to my tomcat port fails with BAD Record MAC error. 

From the catalina.out i can see this :- 

On Success case :-
***READ ChangeCipherSpec

Pre-Master Secret: [

  0000: 13 57 64 11 08 55 02 47 43 5b 1a 6d 76 ce c7 73 [.Wd..U.GC[.mv..s]

  0010: 63 25 9d 49 29 19 27 9b 1b 7f a8 e0 87 a4 1b 5e [c%.I).'........^]

  0020: 06 64 8e 3e ab 3c 8e 15 bb 20 92 3b 58 72 a0 2d [.d.>.<... .;Xr.-]

  0030: 73 86 3b 05 15 d8 c0 e8 a0 2c 01 ce bb 12 a2 58 [s.;......,.....X]

  0040: 2b 9c cc 06 42 ff b6 8f bd fd 69 3c bb b1 42 00 [+...B.....i<..B.]

  0050: 28 ca 71 32 62 92 89 61 63 47 d1 f4 a4 9c 7c 47 [(.q2b..acG....|G]

  0060: 9d 2c 03 db b6 bf eb 9d a2 b6 95 df 33 f1 15 4a [.,..........3..J]

  0070: e7 80 02 1f e5 d7 bd 92 ec b1 b3 8c 6e 36 1b 6b [............n6.k]

  0080: 19 2c 94 06 21 1e 99 73 7c 69 5e 9d 67 22 bc b0 [.,..!..s|i^.g"..]

  0090: 44 32 96 fa f1 df 6c 3b 2c 05 b2 80 7e 22 69 a6 [D2....l;,...~"i.]

  00a0: b8 f2 63 95 5b 72 8e bc fc 21 c6 35 43 0d c1 f5 [..c.[r...!.5C...]

  00b0: 49 cb 89 93 37 e1 0d 1b 99 e9 66 c2 be 44 b3 81 [I...7.....f..D..]

  00c0: c5 13 47 2b 2c cb 02 95 d5 18 87 41 5b 63 8a bb [..G+,......A[c..]

  00d0: ae 8d b1 52 88 41 85 30 03 bc 2a bc 84 5f 79 54 [...R.A.0..*.._yT]

  00e0: 42 07 68 29 ed 18 b0 26 56 ce 7c cd de 67 79 c2 [B.h)...&V.|..gy.]

  00f0: 93 97 22 2a f7 9e 96 de 6f 41 c9 44 18 7d 79 fd [.."*....oA.D.}y.]

]

Master Secret: [

  0000: af a8 6c 5f d3 03 6a f8 17 e0 f9 86 f4 1f 07 da [..l_..j.........]

  0010: 49 1a eb 87 80 2d 35 40 cf fe 7d 22 2a ed f2 de [I....-5@..}"*...]

  0020: 06 ba 3c 51 6a a7 15 ad d6 ad 8a c8 e7 96 d5 47 [..<Qj..........G]

]

SESSION KEYS:

Client Write Key: [

  0000: 29 95 e0 e3 0e 48 37 22 ae c2 2f 39 d0 9d 25 e6 [)....H7"../9..%.]

]

Server Write Key: [

  0000: 84 52 67 fb f2 ac c1 c7 bd b9 d7 87 c9 a3 b3 3d [.Rg............=]

]

Client MAC secret: [

  0000: 9d 4b 51 de 7a 10 9a ae 8c c4 6d 12 70 26 b1 8c [.KQ.z.....m.p&..]

  0010: a3 fc b9 0a                                     [....            ]

]

Server MAC secret: [

  0000: d3 73 13 d8 02 b7 07 b4 fc 02 60 ef a2 72 f1 96 [.s........`..r..]

  0010: 7a 2c 15 29                                     [z,.)            ]

]

Client IV: [

  0000: aa cf 6e 84 76 b4 c7 a2 4d 0a ea 8a 13 0a 17 02 [..n.v...M.......]

]

Server IV: [

  0000: d2 d6 8c bc ce 68 14 21 9b 64 97 70 45 d6 b7 da [.....h.!.d.pE...]

]

***Created and initialized decryption cipher

CipherAlg: AES/CBC/NoPadding

CipherKey: 2995e0e30e483722aec22f39d09d25e6

***Created and initialized Mac

MacAlg: HmacSHA1

MacKey: 9d4b51de7a109aae8cc46d127026b18ca3fcb90a

Mac length used: 20

***DECRYPT: Ciphertext (64): [

  0000: d8 43 9b c9 0f 9d ea c3 7a d0 e1 ef 81 e8 50 a5 [.C......z.....P.]

  0010: 09 05 e5 b9 db e7 86 c9 7a 50 2c 0b 63 dc 2f a1 [........zP,.c./.]

  0020: bf 15 a6 42 ae 04 39 ea 9f 02 7f d5 7c 8c d2 be [...B..9.....|...]

  0030: 0e f3 1e 3a 48 5e 68 42 73 2b 36 40 30 f8 70 58 [...:H^hBs+6@xxxx]

]

***DECRYPT: Plaintext (16): [

  0000: 14 00 00 0c 19 45 c6 86 4c db 85 95 59 70 70 08 [.....E..L...Ypp.]

]

Record received (16): [

  0000: 14 00 00 0c 19 45 c6 86 4c db 85 95 59 70 70 08 [.....E..L...Ypp.]

]

***READ Finished

 

On Failure :-

Pre-Master Secret: [

  0000: 39 be 45 36 65 7a b5 e9 96 68 6d f9 7c 8a 73 ea [9.E6ez...hm.|.s.]

  0010: 23 32 76 83 d4 5e f3 94 12 30 3a b5 d5 13 aa 65 [#2v..^...0:....e]

  0020: cb 31 40 ae 90 c6 14 77 97 74 10 60 f4 2e 69 0c [.1@....w.t.`..i.]

  0030: 98 44 dd 3d 67 63 10 15 27 3f d7 ed e8 bc 9a 4c [.D.=gc..'?.....L]

 0040: ea bb a8 00 b8 dc a3 ce 04 d6 51 64 b4 05 0c 85 [..........Qd....]

  0050: 15 35 cc 72 25 cf 8f 33 f0 74 a8 0f 92 a1 68 c3 [.5.r%..3.t....h.]

  0060: c1 ba e8 fc a1 06 3b 56 fc d5 14 38 2c 22 ae b8 [......;V...8,"..]

  0070: 49 a9 d6 ba 9f a6 1e 43 85 98 6f 93 3e 4d d0 04 [I......C..o.>M..]

  0080: 13 9b b0 f5 c2 a9 f2 11 60 d1 8f d8 26 2c f2 db [........`...&,..]

  0090: e0 49 4e db ba 18 d4 42 6f 73 00 b2 e7 88 4b 40 [.IN....Bos....K@]

  00a0: 9a 92 33 72 4c 10 b7 22 ae 4e 4e b9 54 57 71 0c [..3rL..".NN.TWq.]

  00b0: 60 61 18 2b df 74 a1 c9 bd b4 b9 64 57 f4 65 26 [`a.+.t.....dW.e&]

  00c0: 68 a8 cc 31 cb b3 90 56 15 ce 04 42 a5 33 e5 92 [h..1...V...B.3..]

  00d0: 6e 4b ab 1a 82 30 8c bc a1 91 1a 7b a2 05 f7 53 [nK...0.....{...S]

  00e0: 37 36 1a 04 6d b2 cb 60 ba c9 8a 7d ae 1e 25 e1 [76..m..`...}..%.]

  00f0: 60 00 8f e0 ea fd 4f a0 2b 2a 3a 3d d0 1f 96    [`.....O.+*:=... ]

]

Master Secret: [

  0000: 9b ff 31 0b 7d 8e 8e 76 6f 13 c0 02 fe cd a3 c6 [..1.}..vo.......]

  0010: 47 06 e8 23 e7 07 fe 96 4e ce 62 83 d3 39 0e 00 [G..#....N.b..9..]

  0020: b9 b3 aa a9 29 b8 8b 89 4f 16 12 28 53 3d d6 53 [....)...O..(S=.S]

]

SESSION KEYS:

Client Write Key: [

  0000: 91 8e 89 8b f9 a7 27 a9 59 80 b4 9e aa c0 38 86 [......'.Y.....8.]

]

Server Write Key: [

  0000: 26 e7 2f e8 28 5b 46 78 c9 c8 54 eb 93 9a ff bf [&./.([Fx..T.....]

]

Client MAC secret: [

  0000: 46 0c 73 b3 a4 a0 74 51 fd cc e1 73 5b 3f e9 12 [F.s...tQ...s[?..]

  0010: d3 cb 2c 49                                     [..,I            ]

]

Server MAC secret: [

  0000: 24 a6 75 5f 3f 81 02 12 9c 67 86 f5 f5 90 7a 17 [$.u_?....g....z.]

  0010: 5a ce f7 81                                     [Z...            ]

]

Client IV: [

  0000: 10 e6 74 03 f0 e1 a2 08 93 61 b4 7b f4 4d d9 d7 [..t......a.{.M..]

]

Server IV: [

  0000: 2d bc a7 b9 b1 92 c8 60 50 1c a5 08 d5 87 f1 37 [-......`P......7]

]

***Created and initialized decryption cipher

CipherAlg: AES/CBC/NoPadding

CipherKey: 918e898bf9a727a95980b49eaac03886

***Created and initialized Mac

MacAlg: HmacSHA1

MacKey: 460c73b3a4a07451fdcce1735b3fe912d3cb2c49

Mac length used: 20

***DECRYPT: Ciphertext (64): [

  0000: b5 20 7b 9e 2c f2 71 35 3c fd a3 b2 8a b1 8d 8a [. {.,.q5<.......]

  0010: 08 57 e4 a5 bf c9 fd 6a 78 a1 04 81 ef 4c a6 79 [.W.....jx....L.y]

  0020: cc f9 e2 fe 3b d4 69 58 6c 3e fa 30 fc 38 da 5e [....;.iXl>.0.8.^]

  0030: 15 87 b6 c2 99 4a 8e 81 10 54 cb f6 9d a9 9b 68 [.....J...T.....h]

]

***SEND Alert Fatal, Bad Record Mac

***ENCRYPT: Plaintext (2): [

  0000: 02 14                                           [..              ]

]

***ENCRYPT: Ciphertext (2): [

  0000: 02 14                                           [..              ]

]


From the pcap i am not able to find any bit difference  attached the same . Pcap filter string "tcp.port==8443 && ssl"

    Tomcat version details:- 


Server version: Apache Tomcat/7.0.91
Server built:   Sep 13 2018 19:52:12 UTC
Server number:  7.0.91.0
OS Name:        Linux
OS Version:     2.6.32-431.20.3.el6.x86_64
Architecture:   i386
JVM Version:    1.7.0_201-mockbuild_2018_10_22_02_29-b00
JVM Vendor:     Oracle Corporation

Can anyone please assist me with reason for the failure ??

Thanks,
Madhan

Attachment: pcap.cap
Description: Binary data

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux