Invalid padding exceptions cause mod_cluster proxied requests over HTTPS to 502

Solution Verified - Updated -

Issue

  • We're seeing random 502 failures with requests proxied through mod_cluster to JBoss over HTTPS:
[debug] ssl_engine_kernel.c(1881): OpenSSL: Read: SSLv3 read finished A
[debug] ssl_engine_kernel.c(1900): OpenSSL: Exit: failed in SSLv3 read finished A
[info] [client 127.0.0.1] SSL Proxy connect failed
[info] SSL Library Error: 336151568 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[info] [client 127.0.0.1] Connection closed to child 0 with abortive shutdown (server localhost:443)
[error] (502)Unknown error 502: proxy: pass request body failed to 127.0.0.1:8443 (127.0.0.1)
  • We have acquired the fix to the prior mod_cluster 502 bug (JBPAPP-10409, JBPAPP6-1170) yet still see this issue.
  • SSL debug logging from JBoss shows the falling exception accompanies these 502s:
INFO  [stdout] (http-127.0.0.1:8443-1) 248, 178, 17, 86, 119, 76, 2, 163, 65, http-127.0.0.1:8443-1, IOException in getSession():  javax.net.ssl.SSLHandshakeException: Invalid padding

Environment

  • JBoss Enterprise Application Platform (EAP)
    • 5.2.0+
    • 6.0.0+
  • Java 1.7_u6 and later

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content