[CI] bouncycastle.tls.TlsFatalAlert: handshake_failure(40) #64044

astefan · 2020-10-22T09:03:01Z

Build scan:
https://gradle-enterprise.elastic.co/s/ugq5y3o4yrdgq
https://gradle-enterprise.elastic.co/s/anyrby5ddynwq

Repro line:

./gradlew ':x-pack:plugin:security:internalClusterTest' --tests "org.elasticsearch.xpack.security.authz.SnapshotUserRoleIntegTests.testSnapshotUserRoleCanSnapshotAndSeeAllIndices" -Dtests.seed=F4A3DCA82E28F4F1 -Dtests.security.manager=true -Dtests.locale=tr-TR -Dtests.timezone=Etc/GMT-4 -Druntime.java=11 -Dtests.fips.enabled=true
./gradlew ':x-pack:plugin:security:internalClusterTest' --tests "org.elasticsearch.xpack.security.transport.ServerTransportFilterIntegrationTests.testThatConnectionToClientTypeConnectionIsRejected" -Dtests.seed=EB44AB73D78B668B -Dtests.security.manager=true -Dtests.locale=zh-TW -Dtests.timezone=MET -Druntime.java=11 -Dtests.fips.enabled=true

Reproduces locally?: No

Applicable branches: master, 7.x

Failure history: Failed twice in different classes and test methods
Failure excerpt:

 2> 十月 22, 2020 5:37:02 上午 org.bouncycastle.jsse.provider.ProvTlsServer notifyAlertRaised
  2> 資訊: Server raised fatal(2) handshake_failure(40) alert: Failed to process record
  2> org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40)
  2> 	at org.bouncycastle.tls.TlsProtocol.handleAlertWarningMessage(TlsProtocol.java:184)
  2> 	at org.bouncycastle.tls.TlsServerProtocol.handleAlertWarningMessage(TlsServerProtocol.java:413)
  2> 	at org.bouncycastle.tls.TlsProtocol.handleAlertMessage(TlsProtocol.java:161)
  2> 	at org.bouncycastle.tls.TlsProtocol.processAlertQueue(TlsProtocol.java:570)
  2> 	at org.bouncycastle.tls.TlsProtocol.processRecord(TlsProtocol.java:435)
  2> 	at org.bouncycastle.tls.RecordStream.readFullRecord(RecordStream.java:184)
  2> 	at org.bouncycastle.tls.TlsProtocol.safeReadFullRecord(TlsProtocol.java:727)
  2> 	at org.bouncycastle.tls.TlsProtocol.offerInput(TlsProtocol.java:1059)
  2> 	at org.bouncycastle.tls.TlsProtocol.offerInput(TlsProtocol.java:1027)
  2> 	at org.bouncycastle.jsse.provider.ProvSSLEngine.unwrap(ProvSSLEngine.java:445)
  2> 	at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:677)
  2> 	at org.elasticsearch.xpack.security.transport.nio.SSLDriver.unwrap(SSLDriver.java:178)
  2> 	at org.elasticsearch.xpack.security.transport.nio.SSLDriver.access$1300(SSLDriver.java:50)
  2> 	at org.elasticsearch.xpack.security.transport.nio.SSLDriver$RegularMode.read(SSLDriver.java:327)
  2> 	at org.elasticsearch.xpack.security.transport.nio.SSLDriver.read(SSLDriver.java:119)
  2> 	at org.elasticsearch.xpack.security.transport.nio.SSLChannelContext.read(SSLChannelContext.java:165)
  2> 	at org.elasticsearch.nio.EventHandler.handleRead(EventHandler.java:139)
  2> 	at org.elasticsearch.nio.NioSelector.handleRead(NioSelector.java:420)
  2> 	at org.elasticsearch.nio.NioSelector.processKey(NioSelector.java:246)
  2> 	at org.elasticsearch.nio.NioSelector.singleLoop(NioSelector.java:174)
  2> 	at org.elasticsearch.nio.NioSelector.runLoop(NioSelector.java:131)
  2> 	at java.base/java.lang.Thread.run(Thread.java:834)

with the following test failing:

org.elasticsearch.xpack.security.transport.ServerTransportFilterIntegrationTests > testThatConnectionToClientTypeConnectionIsRejected FAILED
    ProcessClusterEventTimeoutException[failed to process cluster event (delete_repository [*]) within 30s]
        at __randomizedtesting.SeedInfo.seed([EB44AB73D78B668B:D02A53132EE64A57]:0)
        at org.elasticsearch.cluster.service.MasterService$Batcher.lambda$onTimeout$0(MasterService.java:143)
        at java.util.ArrayList.forEach(ArrayList.java:1541)
        at org.elasticsearch.cluster.service.MasterService$Batcher.lambda$onTimeout$1(MasterService.java:142)
        at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:678)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.lang.Thread.run(Thread.java:834)

The text was updated successfully, but these errors were encountered:

elasticmachine · 2020-10-22T09:03:03Z

Pinging @elastic/es-security (:Security/Network)

elasticsearchmachine · 2023-10-12T18:30:20Z

Pinging @elastic/es-security (Team:Security)

astefan added >test-failure Triaged test failures from CI :Security/TLS SSL/TLS, Certificates labels Oct 22, 2020

elasticmachine added the Team:Security Meta label for security team label Oct 22, 2020

astefan mentioned this issue Oct 22, 2020

SSL related tests failures with BCJSSE in FIPS 140 mode #49094

Open

ywangd added :Security/FIPS Running ES in FIPS 140-2 mode and removed :Security/TLS SSL/TLS, Certificates labels Dec 31, 2020

albertzaharovits self-assigned this Jan 14, 2021

gwbrown mentioned this issue Oct 26, 2022

bad_record_mac in fips test #70497

Closed

gwbrown added the low-risk An open issue or test failure that is a low risk to future releases label Oct 12, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[CI] bouncycastle.tls.TlsFatalAlert: handshake_failure(40) #64044

[CI] bouncycastle.tls.TlsFatalAlert: handshake_failure(40) #64044

astefan commented Oct 22, 2020

elasticmachine commented Oct 22, 2020

elasticsearchmachine commented Oct 12, 2023

[CI] bouncycastle.tls.TlsFatalAlert: handshake_failure(40) #64044

[CI] bouncycastle.tls.TlsFatalAlert: handshake_failure(40) #64044

Comments

astefan commented Oct 22, 2020

elasticmachine commented Oct 22, 2020

elasticsearchmachine commented Oct 12, 2023