Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Connecting to a Secured server : bad_record_mac

843811May 12 2006 — edited Aug 2 2007

Hi,

I'm in trouble while trying to connect to a HTTPS server via Java (jdk1.5), which use certificate.

When using Firefox, or Explorer, it ask me if I accept the certificate, and there is no problems there.

But I have to test the webserver using jMeter, and each times I try to access the server, java fails with the following exception :

javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.connect(Unknown Source)
    at org.apache.jmeter.protocol.http.sampler.HTTPSampler.sample(HTTPSampler.java:424)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:514)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:503)
    at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:247)
    at java.lang.Thread.run(Unknown Source)

Thus, I tried HTTPClient from jakarta, and it give the same result.

The problem is with the certificate (it connect to the server) : a normal browser should ask me to accept it or refuse it. But Java, simply denies it except if it's in the trustStore.

1. I have the certificat from the server side, and I can import it into my truststore using keytool :

$ keytool -import -v -trustcacerts -alias glowria -file www.glowria.fr.crt -keys
tore foo.keystore -storepass changeit
Certificat ajout� au Keystore
[Stockage de foo.keystore]

$ keytool -export -keystore foo.keystore -alias glowria -file glowria.cer
Tapez le mot de passe du Keystore :  *********
Certificat enregistr� dans le fichier <glowria.cer>

$ keytool -import -keystore jssecacerts -alias glowria -file glowria.cer
Tapez le mot de passe du Keystore : *********
Faire confiance � ce certificat ? [non] :  oui
Certificat ajout� au Keystore

(note: I'm using WinXP_FR, sorry for the accents)

2. finally, I have the same bad_record_mac, whatever happens

--

So, what step should I observe to correct this?

Note that I also tried to use javaws, to import a certificat either after exporting the certificat from IE (in DER format, *.cer), either with the certificat I got in my apache 2 conf. But, that does not solve the problem.

Is someone has Idea of what to do? (except from using Java code, I'm supposed to use jMeter, in which I would like to avoid using java code)

Locked Post

New comments cannot be posted to this locked post.

Locked on Aug 30 2007

Added on May 12 2006

#java-secure-socket-extension-jsse

10 comments

8,788 views