  • Status: Solved
  • Priority: Medium
  • Security: Public

SSL closes because of 'bad record MAC'

Hi all

I have the following problem

I have 3 servers: SERVER-A, SERVER-B and SERVER-C

SERVER-A is a reverse proxy that allows only HTTPS
SERVER-B is a Web Server that allows only HTTPS
SERVER-C is a kind of Server using its own protocol

The client makes a CONNECT SERVER-B:443 HTTP/1.1 to SERVER-A
Then the client makes a CONNECT SERVER-C:1111 HTTP/1.1 to SERVER-B
Now the client has a secure tunnel from the client to SERVER-B; the connection from SERVER-B to SERVER-C is unsecure
If I have a big load on the connection from the client to SERVER-C, then suddenly SERVER-B gets a 'bad record MAC' and the connection is closed.

I'm thinking the client is sending a renegotiation message to SERVER-B and this renegotiation is sent by the SSL from the first HTTPS connection to SERVER-A. Is there a way to stop/shut down or whatever the SSL connection without closing the underlying socket?

Thanks a lot for your help
1 Solution
What could be happening is that your .unwrap() function is not reading the entire buffer.  You need to loop over that function call as long as the HandshakeStatus is NEED_UNWRAP or until you get a BUFFER_UNDERFLOW.

Check out these links for more info:
Forced accept.

EE Admin
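The unwrap loop described in the solution, written as an added example (not code from the question or the answer). The class and method names are hypothetical, and it assumes `netIn` has been flipped for reading and `appIn` holds at least `engine.getSession().getApplicationBufferSize()` bytes of free space.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLEngineResult.Status;
import javax.net.ssl.SSLException;

/** Hypothetical helper: consumes every complete TLS record held in netIn. */
public final class InboundDrain {

    private InboundDrain() {}

    /**
     * Under load one socket read can deliver several TLS records (or one and a
     * half). Calling unwrap() once and then reusing netIn drops the rest, and
     * the next read is parsed from the middle of a record.
     *
     * @return the last unwrap status, so the caller knows why the loop stopped
     */
    public static Status drain(SSLEngine engine, ByteBuffer netIn, ByteBuffer appIn)
            throws SSLException {
        Status status = Status.OK;
        while (netIn.hasRemaining()) {
            SSLEngineResult r = engine.unwrap(netIn, appIn);
            status = r.getStatus();
            if (status != Status.OK) {
                // BUFFER_UNDERFLOW: only part of a record is here; keep the bytes.
                // BUFFER_OVERFLOW: appIn is full; the caller must empty it first.
                // CLOSED: the peer has closed the TLS session.
                break;
            }
            HandshakeStatus hs = r.getHandshakeStatus();
            if (hs == HandshakeStatus.NEED_TASK) {
                Runnable task;
                while ((task = engine.getDelegatedTask()) != null) {
                    task.run(); // run delegated handshake work inline
                }
                hs = engine.getHandshakeStatus();
            }
            if (hs == HandshakeStatus.NEED_WRAP) {
                break; // the engine has to send before it will consume more input
            }
            if (r.bytesConsumed() == 0 && r.bytesProduced() == 0) {
                break; // defensive: no progress was made, do not spin
            }
        }
        return status;
    }
}
```

When `drain` returns `BUFFER_UNDERFLOW`, call `netIn.compact()` rather than `netIn.clear()` before the next socket read, so the partial record stays at the front of the buffer and the record boundaries stay aligned.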
