3 Replies Latest reply on Jul 19, 2016 4:25 PM by jareddsimon

javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? - wildfly-10.0.0.Final

sharkbite Jun 29, 2016 6:26 AM

When I access our application via web browser usiing https I get the following error:

2016-06-29 12:22:13,973 TRACE [org.jboss.security] (default task-77) PBOX00354: Setting security roles ThreadLocal: null

2016-06-29 12:22:29,162 DEBUG [io.undertow.request.io] (default I/O-15) UT005013: An IOException occurred: java.io.IOException: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:606)

at io.undertow.protocols.ssl.SslConduit.closed(SslConduit.java:971)

at io.undertow.protocols.ssl.SslConduit.close(SslConduit.java:1066)

at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:787)

at io.undertow.protocols.ssl.SslConduit.read(SslConduit.java:559)

at org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127)

at io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:153)

at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:131)

at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:57)

at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)

at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1116)

at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)

at org.xnio.nio.WorkerThread.run(WorkerThread.java:559)

Caused by: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)

at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)

at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)

at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561)

at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:604)

our configuration on standalone-full.xml is as follows:

<https-listener name="https" security-realm="UndertowRealm" socket-binding="https"/>

<security-realm name="UndertowRealm">

<server-identities>

<ssl>

</ssl>

</server-identities>

</security-realm>

From the browser, the certificate is fine, they are no issues.

Why do I get this error?

Is it something to be worried about?

Thanks,

Daslan

1. Re: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? - wildfly-10.0.0.Final

sharkbite Jul 1, 2016 6:04 AM (in response to sharkbite)

Anyone know of to switch this off in log4j?
What category to use?
Using the ones below does not work
<category name="javax">
<priority value="off"/>
</category>
<category name="io.undertow.protocols.ssl">
<priority value="off"/>
</category>
<category name="javax.net.ssl">
<priority value="off"/>
</category>
Actions
2. Re: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? - wildfly-10.0.0.Final

jareddsimon Jul 18, 2016 3:41 PM (in response to sharkbite)

I'm having this problem with ejb-remoting over 'https-remoting". Anybody know the issue?
Actions
3. Re: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? - wildfly-10.0.0.Final

jareddsimon Jul 19, 2016 4:25 PM (in response to jareddsimon)

I figured out my issue. I was running a Wildfly 10.0.0.Final on the server side, but I was using the client .jars for version 10.0.0.Beta2. These .jars were close enough that it let me connect, and it worked about half the time. The errors that were given led me down paths other than thinking that the client .jars were wrong.
Actions

Go to original post