Details on obscure SSL error

[neroux]

Rather for reference than an actual bug report

Please find below the stacktrace from the SSL error mentioned in #1

Generally speaking, I'd assume this is rather not Jodd related, but something else corrupts the SSL connection (the error comes from deep within SSL). Usually I'd say that might be a glitch on the server, but I'd rather rule that out as it happens on a variety of sites. Nor would I want to put the blame on my ISP (yet). My most likely explanation would be that it is something Android related. It mostly happens on the emulator, though I had cases on actual devices as well.

@igr, I guess my main concern regarding Jodd here is whether there's a chance Jodd's custom SSL handler could be remotely involved here, in corrupting the SSL stream under certain conditions (sending the request or parsing the response incorrectly). As far as I can tell Jodd relies entirely on the default SSL implementation, so I'd rather rule it out, but maybe you could double check/confirm it.

There are some references to this error on Android but they refer to SSL 1.2 and in that case it should be a regular error, not just intermittently.

Read error: ssl=0x73692f290088: Failure in SSL library, usually a protocol error
    error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT (external/boringssl/src/crypto/fipsmodule/cipher/e_aes.c:998 0x73692940ae73:0x00000000)
    error:1000008b:SSL routines:OPENSSL_internal:DECRYPTION_FAILED_OR_BAD_RECORD_MAC (external/boringssl/src/ssl/tls_record.cc:298 0x73692940ae73:0x00000000); <--- javax.net.ssl.SSLProtocolException: Read error: ssl=0x73692f290088: Failure in SSL library, usually a protocol error
    error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT (external/boringssl/src/crypto/fipsmodule/cipher/e_aes.c:998 0x73692940ae73:0x00000000)
    error:1000008b:SSL routines:OPENSSL_internal:DECRYPTION_FAILED_OR_BAD_RECORD_MAC (external/boringssl/src/ssl/tls_record.cc:298 0x73692940ae73:0x00000000)
    jodd.http.HttpException: Read error: ssl=0x73692f290088: Failure in SSL library, usually a protocol error
    error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT (external/boringssl/src/crypto/fipsmodule/cipher/e_aes.c:998 0x73692940ae73:0x00000000)
    error:1000008b:SSL routines:OPENSSL_internal:DECRYPTION_FAILED_OR_BAD_RECORD_MAC (external/boringssl/src/ssl/tls_record.cc:298 0x73692940ae73:0x00000000); <--- javax.net.ssl.SSLProtocolException: Read error: ssl=0x73692f290088: Failure in SSL library, usually a protocol error
    error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT (external/boringssl/src/crypto/fipsmodule/cipher/e_aes.c:998 0x73692940ae73:0x00000000)
    error:1000008b:SSL routines:OPENSSL_internal:DECRYPTION_FAILED_OR_BAD_RECORD_MAC (external/boringssl/src/ssl/tls_record.cc:298 0x73692940ae73:0x00000000)
	at jodd.http.HttpBase.readBody(HttpBase.java:1028)
	at jodd.http.HttpResponse.readFrom(HttpResponse.java:243)
	at jodd.http.HttpRequest._send(HttpRequest.java:899)
	at jodd.http.HttpRequest.send(HttpRequest.java:861)     
Caused by: javax.net.ssl.SSLProtocolException: Read error: ssl=0x73692f290088: Failure in SSL library, usually a protocol error
    error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT (external/boringssl/src/crypto/fipsmodule/cipher/e_aes.c:998 0x73692940ae73:0x00000000)
    error:1000008b:SSL routines:OPENSSL_internal:DECRYPTION_FAILED_OR_BAD_RECORD_MAC (external/boringssl/src/ssl/tls_record.cc:298 0x73692940ae73:0x00000000)
	at com.android.org.conscrypt.NativeCrypto.SSL_read(Native Method)
	at com.android.org.conscrypt.NativeSsl.read(NativeSsl.java:411)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket$SSLInputStream.read(ConscryptFileDescriptorSocket.java:549)
	at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:291)
	at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:355)
	at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:181)
	at java.io.InputStreamReader.read(InputStreamReader.java:184)
	at java.io.BufferedReader.read1(BufferedReader.java:221)
	at java.io.BufferedReader.read(BufferedReader.java:297)
	at jodd.io.IOUtil.copy(IOUtil.java:155)
	at jodd.http.HttpBase.readBody(HttpBase.java:1019)
		... 20 more
    ---[cause]------------------------------------------------------------------------
    javax.net.ssl.SSLProtocolException: Read error: ssl=0x73692f290088: Failure in SSL library, usually a protocol error
    error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT (external/boringssl/src/crypto/fipsmodule/cipher/e_aes.c:998 0x73692940ae73:0x00000000)
    error:1000008b:SSL routines:OPENSSL_internal:DECRYPTION_FAILED_OR_BAD_RECORD_MAC (external/boringssl/src/ssl/tls_record.cc:298 0x73692940ae73:0x00000000)
	at com.android.org.conscrypt.NativeCrypto.SSL_read(Native Method)
	at com.android.org.conscrypt.NativeSsl.read(NativeSsl.java:411)
	at com.android.org.conscrypt.ConscryptFileDescriptorSocket$SSLInputStream.read(ConscryptFileDescriptorSocket.java:549)
	at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:291)
	at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:355)
	at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:181)
	at java.io.InputStreamReader.read(InputStreamReader.java:184)
	at java.io.BufferedReader.read1(BufferedReader.java:221)
	at java.io.BufferedReader.read(BufferedReader.java:297)
	at jodd.io.IOUtil.copy(IOUtil.java:155)
	at jodd.http.HttpBase.readBody(HttpBase.java:1019)
	at jodd.http.HttpResponse.readFrom(HttpResponse.java:243)
	at jodd.http.HttpRequest._send(HttpRequest.java:899)
	at jodd.http.HttpRequest.send(HttpRequest.java:861)

[igr]

For future reference:

https://stackoverflow.com/questions/55184588/sslprotocolexception-read-error-ssl-0x9af236c0-failure-in-ssl-library-usuall

[neroux]

Good find, I am not sure if I came across that posting already. Though it also refers to SSL 1.2, so I am not sure how applicable this is these days (we have Android 11 and the article is still talking about 4 and 5). As it mentions in the posting, the error is intermittent, however contrary to what the posting says I do get it occasionally on devices too.