“Received fatal alert: bad_record_mac” when deploying to sonatype

Question

I'm getting this stacktrace when trying to deploy to sonatype repository (sometimes!):

javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1977)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1093)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at org.apache.maven.wagon.providers.http.httpclient.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
at org.apache.maven.wagon.providers.http.httpclient.impl.io.AbstractSessionOutputBuffer.write(AbstractSessionOutputBuffer.java:151)
at org.apache.maven.wagon.providers.http.httpclient.impl.io.ContentLengthOutputStream.write(ContentLengthOutputStream.java:114)
at org.apache.maven.wagon.shared.http4.AbstractHttpClientWagon$RequestEntityImplementation.writeTo(AbstractHttpClientWagon.java:188)
at org.apache.maven.wagon.providers.http.httpclient.entity.HttpEntityWrapper.writeTo(HttpEntityWrapper.java:96)
at org.apache.maven.wagon.providers.http.httpclient.impl.client.EntityEnclosingRequestWrapper$EntityWrapper.writeTo(EntityEnclosingRequestWrapper.java:108)
at org.apache.maven.wagon.providers.http.httpclient.impl.entity.EntitySerializer.serialize(EntitySerializer.java:120)
at org.apache.maven.wagon.providers.http.httpclient.impl.AbstractHttpClientConnection.sendRequestEntity(AbstractHttpClientConnection.java:263)
at org.apache.maven.wagon.providers.http.httpclient.impl.conn.AbstractClientConnAdapter.sendRequestEntity(AbstractClientConnAdapter.java:227)
at org.apache.maven.wagon.providers.http.httpclient.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:255)
at org.apache.maven.wagon.providers.http.httpclient.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
at org.apache.maven.wagon.providers.http.httpclient.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:645)
at org.apache.maven.wagon.providers.http.httpclient.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:464)
at org.apache.maven.wagon.providers.http.httpclient.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.maven.wagon.providers.http.httpclient.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.maven.wagon.shared.http4.AbstractHttpClientWagon.execute(AbstractHttpClientWagon.java:674)
at org.apache.maven.wagon.shared.http4.AbstractHttpClientWagon.put(AbstractHttpClientWagon.java:515)

As suggested here, I set this:

MAVEN_OPTS="-Dhttps.protocols=SSLv3 -Dforce.http.jre.executor=true"

And it still doesn't help. I'm using:

$ java -version
java version "1.7.0_07"
OpenJDK Runtime Environment (IcedTea7 2.3.2) (7u7-2.3.2a-0ubuntu0.12.04.1)
OpenJDK 64-Bit Server VM (build 23.2-b09, mixed mode)

Any ideas?

ps. I asked the same question at jdk7-dev mailing list, but didn't get any useful answer yet.

Answer 1

Try again, since 19 January 2013 Sonatype OSS configuration has been tweaked, which potentially resolved this issue.

Reference: https://issues.sonatype.org/browse/OSSRH-5165

Answer 2

If SSLv3 is the problem, the solution is to downgrade to Maven 3.0.3 and use the Maven options suggested.

MAVEN_OPTS="-Dhttps.protocols=SSLv3 -Dforce.http.jre.executor=true"

The SSLv3 fix that you tried would not work in Maven 3.0.4. I have filed a bug report describing why here: Maven JIRA ticket MNG-5363

After some searching, I cannot figure what -Dforce.http.jre.executor=true is trying to fix, so I do not think you need it, but the person who suggested it probably did it for a good reason.

Our department just diagnosed these issues a few weeks ago. If you were experiencing an error because of SSLv3, I would expect it to be more consistent as I have noticed with our servers. Maybe sometimes a different SSL choice is made in your case, but that also seems weird.

Finally, there are more bugs in 3.0.3, and I just hit one of them that was fixed in 3.0.4, so be careful.

Answer 3

I have maven multi-module project (jodd.org) and because of this error I was not able to upload all artifacts to Sonatype for last 5 hours. I am using JDK-64b 7u7 and 7u9 on Windows 7.

Here someone says that this is an issue in JDK 7u7; however, upgrading to 7u9 didn't help me.

Finally I was able to upload all artifacts successfully using JDK 6.

However, since this error appears randomly, I can't be 100% sure that this was just a coincidence or it it really works better on JDK6.

Answer 4

A possible workaround is documented here: https://jira.codehaus.org/browse/MNG-5237

Answer 5

If you could test a fix that could help :-)

see https://jira.codehaus.org/browse/WAGON-383?focusedCommentId=317770&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-317770

Thanks !

Answer 6

I ran into this SSL bug with Maven 3.0.5 but when I upgraded to 3.1.0 it appears to be fixed.