javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.711 CST|SSLSocketOutputRecord.java:72|WRITE: TLS13 alert(handshake_failure), length = 2 javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.712 CST|SSLCipher.java:2063|Plaintext before ENCRYPTION ( 0000: 02 28 15 00 00 00 00 00 00 00 00 00 00 00 00 00 .(.............. 0010: 00 00 00 ... ) javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.714 CST|SSLSocketOutputRecord.java:86|Raw write ( 0000: 17 03 03 00 23 E7 C1 17 7A E1 60 D5 F1 FA 55 B4 ....#...z.`...U. 0010: DD 99 5B 6D CB DB 27 01 EB 73 FC 03 9B C9 10 4E ..[m..'..s.....N 0020: 5E 87 62 D8 DB F5 68 7B ^.b...h. ) javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.715 CST|SSLSocketImpl.java:1699|close the underlying socket javax.net.ssl|DEBUG|01|main|2019-12-04 13:12:11.715 CST|SSLSocketImpl.java:1718|close the SSL connection (initiative) javax.net.ssl.SSLHandshakeException: Tag mismatch! at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:324) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:267) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:262) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:129) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1460) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1368) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437) at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:878) at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:969) at java.base/java.io.InputStream.read(InputStream.java:218) at SimpleTLS.readIn(SimpleTLS.java:40) at SimpleTLS.main(SimpleTLS.java:27) Caused by: javax.crypto.AEADBadTagException: Tag mismatch! at java.base/com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:623) at java.base/com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1118) at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1055) at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:943) at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:491) at java.base/javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:794) at java.base/javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730) at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2499) at java.base/sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1930) at java.base/sun.security.ssl.SSLSocketInputRecord.decodeInputRecord(SSLSocketInputRecord.java:262) at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:190) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108) ... 8 more Per RFC8446 section 6.2, the alert would be fatal bad_record_mac rather than handshake_failure. bad_record_mac: This alert is returned if a record is received which cannot be deprotected. Because AEAD algorithms combine decryption and verification, and also to avoid side-channel attacks, this alert is used for all deprotection failures. This alert should never be observed in communication between proper implementations, except when messages were corrupted in the network.
|