Issue

When trying to connect to an SSL service using Java the following exception is raised.

javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275) (http://www.protocol.https.HttpsClient.afterConnect%28DashoA12275%29)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA12275) (http://www.protocol.https.AbstractDelegateHttpsURLConnection.connect%28D...)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:626) (http://www.protocol.http.HttpURLConnection.getInputStream%28HttpURLConne...)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(DashoA12275) (http://www.protocol.https.HttpsURLConnectionImpl.getInputStream%28DashoA...)
        at bea.Util.verifyConnection(Util.java:147)
        at bea.Util.main(Util.java:18)

Solution

This exception normally happens when these is a mismatch between SSL protocol version used between the client and the server. In my case the server only supported v3.0 SSL however the client would start with start v2.0 SSL and would not switch to v3.0 SSL resulting in the above exception. Changing the HTTP Clients to Weblogic or Apache does not help. You need to make sure you client also speaks SSL v3.0 itself to begin with and this can be achieved by setting right parameters when make the SSL call, so explore your HTTP Client API for the same.<!>