ILO2-Standalone-Remote-Console icon indicating copy to clipboard operation
ILO2-Standalone-Remote-Console copied to clipboard

Published 20 hours ago verified publisher icon scrapes

Existing data.cook file prevents startup with bad_record_mac error

Open ppar opened this issue 2 years ago • 1 comments

If you have an existing data.cook file from a previous run, starting the console (./gradlew run) fails with a bad_record_mac message.

BTW, thank you for making this project available! It's been an absolute life-saver.

Steps to reproduce:

  • Create a config.properties file
  • Connect using ./gradlew run
  • -> Remote console works as expected
  • Disconnect
  • Connect again, against the same server, config.properties unchanged
  • -> Startup crashes
  • Remove data.cook
  • Connect again
  • -> Remote console works as expected

(FWIW, I'm seeing similar behaviour in Firefox with the iLO2 web UI: even though I have security.tls.insecure_fallback_hosts set to the iLO's hostname in about:config to work around the old TLS issue, and connecting initially works fine, after a while FF refuses to talk to iLO and shows the SSL_ERROR_BAD_MAC_ALERT error; restarting Firefox works around it. Not sure if relevant to the Java SSL libs.)

Environment:

  • System: HP ProLiant ML350 G6
  • iLO version: 2.25 04/14/2014
$ java -version
openjdk version "11.0.12" 2021-07-20
OpenJDK Runtime Environment (build 11.0.12+7-post-Debian-2deb10u1)
OpenJDK 64-Bit Server VM (build 11.0.12+7-post-Debian-2deb10u1, mixed mode, sharing)

$ ls -l /etc/alternatives/java
lrwxrwxrwx 1 root root 43 Jun  8 18:54 /etc/alternatives/java -> /usr/lib/jvm/java-11-openjdk-amd64/bin/java

$ dpkg -S /usr/lib/jvm/java-11-openjdk-amd64/bin/java
openjdk-11-jre-headless:amd64: /usr/lib/jvm/java-11-openjdk-amd64/bin/java

$ apt-cache policy openjdk-11-jre-headless:amd64
openjdk-11-jre-headless:
  Installed: 11.0.12+7-2~deb10u1

$ git log | head -6
commit 9f7e72c25bedfaf2f19b4198b5d9145edc825560
Author: fridtjof <[email protected]>
Date:   Wed Jun 30 21:36:59 2021 +0200

    gradle: upgrade to 7.1

$ cat config.properties
# copy this file to config.properties and change the values accordingly

hostname = 10.x.y.x
username = Administrator
password = .....

$ ./gradlew run

> Task :run
Found datastore
javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:336)
        at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:185)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1426)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1336)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421)
        at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:572)
        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1592)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520)
        at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250)
        at Main.isValid(Main.java:220)
        at Main.main(Main.java:292)
javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:336)
        at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:185)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1426)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1336)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421)
        at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:572)
        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1592)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520)
        at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250)
        at Main.Stage3(Main.java:167)
        at Main.main(Main.java:306)

BUILD SUCCESSFUL in 3s
2 actionable tasks: 1 executed, 1 up-to-date

ppar avatar Nov 02 '21 14:11 ppar

Hi! Thanks for the excellent bug report, really appreciate it :)

First things first, can you upgrade your iLO firmware to 2.33? I've never encountered this bug before, and all my iLOs are updated to that version. The changelog from 2.25 until then does not have anything obvious, but you never know :)

fridtjof avatar Nov 02 '21 14:11 fridtjof