| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| HTTP request failing with 'SSLException: bad record MAC' |
« View previous topic :: View next topic » |
| Author |
Message
|
| sealpup |
 Posted: Mon Nov 25, 2013 8:05 am Post subject: HTTP request failing with 'SSLException: bad record MAC' |
 |
|
Apprentice
Joined: 21 Sep 2010
Posts: 26
|
Greetings from the Atlantic Ocean.
HTTP request node hitting the failure terminal.
Trace as below.
I have googled this error - Error Text: 'javax.net.ssl.SSLException: bad record MAC' - without success. Does anyone know precisely what it means? Unfortunately I have no visibility of the service that we are calling, so am blind in that respect.
The error is transient - the same request might work in 5 minutes time. I am thinking that they might have some load balancer at their end where one of their servers is 'dodgy'. That's just a guess though.
Thanks.
| Code: |
| Code content removed by Admin |
Last edited by sealpup on Thu May 22, 2014 2:36 am; edited 1 time in total |
|
| Back to top |
|
 |
| McueMart |
| Posted: Mon Nov 25, 2013 8:49 am Post subject: |
|
|
Chevalier
Joined: 29 Nov 2011
Posts: 490
Location: UK...somewhere
|
|
| Back to top |
|
|
| sealpup |
| Posted: Tue Nov 26, 2013 1:59 am Post subject: |
|
|
Apprentice
Joined: 21 Sep 2010
Posts: 26
|
And I had read that blog before I posted.
His work/findings are entirely based on Java, not Broker, and are hardly definitive. Full of caveats, ifs, buts and maybes.
It's apparent that this is not a broker issue.
The problem lies in the called Web service architecture, of which I have no visibility. |
|
| Back to top |
|
|
| McueMart |
| Posted: Tue Nov 26, 2013 2:28 am Post subject: |
|
|
Chevalier
Joined: 29 Nov 2011
Posts: 490
Location: UK...somewhere
|
His findings are based on Java yes. As you have hopefully guessed by seeing the "javax.net.ssl.SSLException", the underlying technology broker is using for the HTTPRequest node is java. So I cant see any issue with using his findings as part of your investigation.
The suggested solution in his blog is to:
"The solution is to configure Java in such a way that it will use only one secure socket protocol for communication"
((SSLSocket) socket).setEnabledProtocols(new String[] { "SSLv3" });
Have you tried the Broker equivalent to this? If you look at the infocenter for the HTTPRequest node, you will see that the defauly protocol 'SSL', which will try and use SSLv3 first, but will fall back to SSLv2. This could be causing the issues you are seeing.
Maybe you want to try specifying 'SSLv3' or 'TLS'? |
|
| Back to top |
|
|
| sealpup |
| Posted: Tue Nov 26, 2013 3:34 am Post subject: |
|
|
Apprentice
Joined: 21 Sep 2010
Posts: 26
|
The effect of your suggestion would be unknown, as, I repeat, I have no visibility of the Web service infrastructure. Unfortunately I have no environment to test this in other than Production which is obviously not going to happen.
I honestly don't think that SSL configuration on the HTTP request node is the problem.
How would that explain this behaviour?, as originally posted.
| Quote: |
| The error is transient - the same request might work in 5 minutes time. |
I will not be changing the broker side, when it works on most occasions. Forcing it to use one protocol might break all requests.
The evidence is suggesting a load balancing or caching issue on the Web service side. I will ask them to investigate this. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
