Invalid padding exceptions cause mod_cluster proxied requests over HTTPS to 502

Issue

We're seeing random 502 failures with requests proxied through mod_cluster to JBoss over HTTPS:

[debug] ssl_engine_kernel.c(1881): OpenSSL: Read: SSLv3 read finished A
[debug] ssl_engine_kernel.c(1900): OpenSSL: Exit: failed in SSLv3 read finished A
[info] [client 127.0.0.1] SSL Proxy connect failed
[info] SSL Library Error: 336151568 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[info] [client 127.0.0.1] Connection closed to child 0 with abortive shutdown (server localhost:443)
[error] (502)Unknown error 502: proxy: pass request body failed to 127.0.0.1:8443 (127.0.0.1)

We have acquired the fix to the prior mod_cluster 502 bug (JBPAPP-10409, JBPAPP6-1170) yet still see this issue.
SSL debug logging from JBoss shows the falling exception accompanies these 502s:

INFO  [stdout] (http-127.0.0.1:8443-1) 248, 178, 17, 86, 119, 76, 2, 163, 65, http-127.0.0.1:8443-1, IOException in getSession():  javax.net.ssl.SSLHandshakeException: Invalid padding

Environment

JBoss Enterprise Application Platform (EAP)
- 5.2.0+
- 6.0.0+
Java 1.7_u6 and later

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

New to Red Hat?

Learn more about Red Hat subscriptions

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories