javax.net.ssl.SSLProtocolException: Input record too big - Bug report 8227651

Severin Gehwolf sgehwolf at redhat.com
Tue May 2 09:30:58 UTC 2023 

On Mon, 2023-05-01 at 16:32 +0000, Siemsen, Michael Sean (Sean) wrote:
> All,
>  
> # java -version
> openjdk version "1.8.0_362"
> OpenJDK Runtime Environment (build 1.8.0_362-b09)
> OpenJDK 64-Bit Server VM (build 25.362-b09, mixed mode)
>  
> After making changes to use TLS1.3 I started seeing the following errors.
>  
> Caused by: javax.net.ssl.SSLProtocolException: Input record too big: max = 16709 len = 21409
>         at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:508)
>         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:411)
>         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:390)
>         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
>  
> I found the following bug report:
>  
> https://bugs.java.com/bugdatabase/view_bug?bug_id=8227651
> JDK-8227651 : Tests fail with SSLProtocolException: Input record too big
>  
> JDK 11                         JDK 17             JDK 19             JDK 20             JDK 8
> 11.0.18-oracleFixed       17.0.5Fixed        19.0.1Fixed        20 b10Fixed       8u361Fixed
>  
> I can find references for deliveries and backports for JDK11-JDK20 in the bug link above, but not for JDK8.
> I believe I am currently experiencing the issue using 8u362 which would imply EITHER:
>  
>  * I am not experiencing the same problem as listed in 8227651.
>     - Unlikely because I see the exact same error signature, etc. as in the bug link above.
>  * The fix was delivered to 8u361 but broken again in 8u362.
>  * The fix was never delivered to 8u.
>  
> Learning which of these the 3 scenarios occurred will help me in deciding whether I HAVE to upgrade my Java version (non-trivial for our product), or debug further and try to find alternate solutions (like reverting to TLS1.2, etc.)

JDK-8227651 was never delivered to OpenJDK 8u. However, it's a patch to
test-code only so whether or not it's part of OpenJDK 8u doesn't matter
in your case as test-code changes don't affect the produced binaries.

The upstream review might have some hints as to what the issue on your
end might be:
https://github.com/openjdk/jdk/pull/9773

Thanks,
Severin

More information about the jdk8u-dev mailing list