0 Replies Latest reply on Oct 18, 2016 9:57 AM by pkleindienst

    Logstash TCP-Input throws "Bad record MAC" when trying to connect with WildFly over SSL/TLS

    pkleindienst

      I use the jboss-logmanager-ext library for transferring log records to Logstash over a secure socket. For that purpose, my Logstash TCP-Input config authenticates with WildFly by means of a self-signed certificate. However, some time after the SSL handshake has started, the following exception is thrown:

       

      LogManager error of type FLUSH_FAILURE: Error on flush
      java.net.SocketException: Socket is closed
           at sun.security.ssl.SSLSocketImpl.getOutputStream(SSLSocketImpl.java:2240)
           at org.jboss.logmanager.handlers.TcpOutputStream.flush(TcpOutputStream.java:210)
           at org.jboss.logmanager.handlers.UninterruptibleOutputStream.flush(UninterruptibleOutputStream.java:110)
           at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:297)
           at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
           at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
           at org.jboss.logmanager.ext.handlers.SocketHandler.safeFlush(SocketHandler.java:340)
           at org.jboss.logmanager.ext.handlers.SocketHandler.flush(SocketHandler.java:169)
           at org.jboss.logmanager.ExtHandler.doPublish(ExtHandler.java:104)
           at org.jboss.logmanager.ext.handlers.SocketHandler.doPublish(SocketHandler.java:159)
           at org.jboss.logmanager.ExtHandler.publish(ExtHandler.java:76)
           at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:314)
           at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:322)
           at org.jboss.logmanager.Logger.logRaw(Logger.java:850)
           at org.jboss.logmanager.Logger.log(Logger.java:596)
           at org.jboss.stdio.AbstractLoggingWriter.write(AbstractLoggingWriter.java:71)
           at org.jboss.stdio.WriterOutputStream.finish(WriterOutputStream.java:143)
           at org.jboss.stdio.WriterOutputStream.flush(WriterOutputStream.java:164)
           at java.io.PrintStream.write(PrintStream.java:482)
           at org.jboss.stdio.StdioContext$DelegatingPrintStream.write(StdioContext.java:264)
           at java.io.PrintStream.write(PrintStream.java:480)
           at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
           at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
           at sun.nio.cs.StreamEncoder.flushBuffer(StreamEncoder.java:104)
           at java.io.OutputStreamWriter.flushBuffer(OutputStreamWriter.java:185)
           at java.io.PrintStream.newLine(PrintStream.java:546)
           at java.io.PrintStream.println(PrintStream.java:696)
           at sun.misc.HexDumpEncoder.encodeLineSuffix(HexDumpEncoder.java:116)
           at sun.misc.CharacterEncoder.encodeBuffer(CharacterEncoder.java:297)

       

      On the Logstash side, the following error message appears in the logs:

       

      :message=>"An error occurred. Closing connection", :exception=>#<IOError: bad record MAC> 

       

      Afterwards, WildFly hangs forever without deploying my webapp or doing anything else. Before that happens, the handshake goes through these phases:

      • *** ClientHello, TLSv1.2
      • *** ServerHello, TLSv1.2
      • Initialized: Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
      • Found trusted certificate
      • *** ECDH ServerKeyExchange
      • *** ServerHelloDone
      • *** ECDHClientKeyExchange
      • SESSION KEYGEN:
      • CONNECTION KEYGEN:
      • *** Finished

      When SSL is disabled on both the WildFly and the Logstash side, everything works fine. Is anyone facing the same issue, or does anyone have a hint as to what might be going wrong here?
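
An added example, not part of the original post: a small Python helper for reading a trace like the one above. It labels each frame by component and reports the call path from the outermost frame shown down to the frame that threw. The role labels and function names are this example's own, and the embedded trace is an abridged copy of the frames in the post.

```python
import re

# Abridged from the trace in the post, innermost frame first (as Java prints it).
TRACE = """\
java.net.SocketException: Socket is closed
     at sun.security.ssl.SSLSocketImpl.getOutputStream(SSLSocketImpl.java:2240)
     at org.jboss.logmanager.handlers.TcpOutputStream.flush(TcpOutputStream.java:210)
     at org.jboss.logmanager.ext.handlers.SocketHandler.flush(SocketHandler.java:169)
     at org.jboss.logmanager.Logger.log(Logger.java:596)
     at org.jboss.stdio.AbstractLoggingWriter.write(AbstractLoggingWriter.java:71)
     at java.io.PrintStream.println(PrintStream.java:696)
     at sun.misc.HexDumpEncoder.encodeLineSuffix(HexDumpEncoder.java:116)
"""

FRAME = re.compile(r"^\s*at\s+([\w.$]+)\.([\w$<>]+)\(([^)]*)\)\s*$")

# Package prefix -> role. The role labels are this example's own names.
ROLES = [
    ("sun.security.ssl.", "tls-socket"),
    ("org.jboss.logmanager.ext.handlers.", "socket-handler"),
    ("org.jboss.logmanager.handlers.", "socket-handler"),
    ("org.jboss.logmanager.", "logmanager"),
    ("org.jboss.stdio.", "stdio-capture"),
]

def parse_frames(trace):
    """Return (class, method) pairs in the printed order, skipping non-frame lines."""
    return [(m.group(1), m.group(2))
            for m in map(FRAME.match, trace.splitlines()) if m]

def role_of(cls):
    return next((role for prefix, role in ROLES if cls.startswith(prefix)), "other")

def call_path(trace):
    """Roles from the outermost frame shown to the throwing frame, repeats collapsed."""
    path = []
    for cls, _ in reversed(parse_frames(trace)):
        if not path or path[-1] != role_of(cls):
            path.append(role_of(cls))
    return path

def stdout_feeds_socket_handler(trace):
    """True when captured stdout text is delivered to the socket handler."""
    path = call_path(trace)
    return ("stdio-capture" in path
            and "socket-handler" in path[path.index("stdio-capture"):])

if __name__ == "__main__":
    print(" -> ".join(call_path(TRACE)))
    print("stdout routed into socket handler:", stdout_feeds_socket_handler(TRACE))
```

For the trace in the post, the path shows text printed through `PrintStream.println` passing the `org.jboss.stdio` capture and the log manager before reaching the `SocketHandler` flush on the TLS socket, which is where `Socket is closed` is raised.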