[keycloak-user] silent ssl error in debug level

Bruno Oliveira bruno at abstractj.org
Wed Apr 20 08:39:18 EDT 2016


Could you please file a Jira with all the details including the JDK
version?

On 2016-04-20, Jukka Sirviö wrote:
> Hello,
> Certainly, the Keycloak IDP is keycloak-demo-1.9.2.Final.tar.gz and the SP is keycloak-saml-wildfly-adapter-dist-1.9.2.Final.zip. The Chromium issue is similar, but unfortunately this also happens on Firefox (version 45.0.2).
>
> Yours:
> Jukka
>
>
> -----Original message-----
> From: Bruno Oliveira [mailto:bruno at abstractj.org]
> Sent: 19 April 2016 17:08
> To: Jukka Sirviö
> Cc: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] silent ssl error in debug level
>
> Could you please provide more information about your environment and which version of KC you are running? Is this happening with Chrome, for example? See:
> https://bugs.chromium.org/p/chromium/issues/detail?id=118366
>
> On 2016-04-19, Jukka Sirviö wrote:
> > Hello,
> >
> > Does anybody have any clue what could be causing this "silent exception" in the SP's log when DEBUG level logging is used? An IOException is written to the log all the time. Thus SAML authentication is working ok / normally. Using SSL (https) public addresses both with IDP and SP, along with signed & encrypted SAML assertions. Public certificates are good and ok!
> >
> >
> >
> > 2016-04-19 13:25:26,441 DEBUG [io.undertow.request.io] (default I/O-8) UT005013: An IOException occurred: java.io.IOException: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
> >     at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:577)
> >     at io.undertow.protocols.ssl.SslConduit.terminateReads(SslConduit.java:178)
> >     at org.xnio.conduits.ConduitStreamSourceChannel.close(ConduitStreamSourceChannel.java:168)
> >     at org.xnio.IoUtils.safeClose(IoUtils.java:134)
> >     at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.forceTermination(ReadReadyHandler.java:58)
> >     at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.forceTermination(SslConduit.java:1091)
> >     at org.xnio.nio.NioSocketConduit.forceTermination(NioSocketConduit.java:105)
> >     at org.xnio.nio.WorkerThread.run(WorkerThread.java:492)
> > Caused by: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
> >     at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
> >     at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
> >     at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
> >     at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561)
> >     at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:575)
> >     ... 7 more
>
> --
>
> abstractj
> PGP: 0x84DC9914

--

abstractj
PGP: 0x84DC9914

