#184 Received fatal alert: bad_record_mac

[Anonymous]

DavMail Gateway version: 4.1.0-2042 under Linux

Everything was working like a charm and I was getting rid of Outlook and Microsoft and switching to Linux Mint 14 Cinnamon x64, Thunderbird.

Suddenly, our IT guy choose to improve security on the server and only allows SSLv3 connections. Since then, I get the following error:

Date: Wed Jan 23 12:37:00 CET 2013 (1358941020718)
Thread: CaldavConnection-39720
Message #: 76
Level: WARN
NDC:
Category: davmail.http.DavGatewayHttpClientFacade
Message: Received fatal alert: bad_record_mac
Location: davmail.http.DavGatewayHttpClientFacade.getHttpStatus(DavGatewayHttpClientFacade.java:270)
Thrown:
javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1977)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1093)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at davmail.http.DavGatewayHttpClientFacade.getHttpStatus(DavGatewayHttpClientFacade.java:268)
at davmail.exchange.ExchangeSession.isBasicAuthentication(ExchangeSession.java:324)
at davmail.exchange.ExchangeSession.<init>(ExchangeSession.java:182)
at davmail.exchange.dav.DavExchangeSession.<init>(DavExchangeSession.java:499)
at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:146)
at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:94)
at davmail.caldav.CaldavConnection.run(CaldavConnection.java:170)

I looked on the net, and it seems that if the server only allows SSLv3, some options should be passed to the java http client api to force this connection.

For JIRA project, it is solved by adding some java options at startup: -Dhttps.protocols=SSLv3 -Dforce.http.jre.executor=true
(https://wiki.almworks.com/display/kb/bad_record_mac+error+when+connecting+to+SSLv3-only+server)

I wish this issue could be solved quickly as I do not want to switch back to Microsoft Windows/Outlook as I am mostly developing under Linux.

[Mickael Guessant]

Probably obsolete SSLv3 is now disabled on all servers for security reasons.