SSL Exception.. possible truncation attack?


Ryan B

Sep 28, 2016, 8:14:59 PM
to rundeck-discuss
Hello All,

I recently brought up a rundeck server.  I'm trying to use it with a self-signed cert.  I followed instructions from the Admin Guide.  Once I started using the https site I noticed in the service.log a bunch of WARN events.  Here's a pasting of the service.log from the moment I started rundeck:

2016-09-28 16:20:16.073:INFO:oejs.Server:jetty-7.6.0.v20120127
2016-09-28 16:20:18.801:INFO:oejw.StandardDescriptorProcessor:NO JSP Support for /, did not find org.apache.jasper.servlet.JspServlet
2016-09-28 16:20:20.078:INFO:/:Initializing Spring root WebApplicationContext
2016-09-28 16:20:44,860 INFO BootStrap - Starting Rundeck 2.6.9-1...
2016-09-28 16:20:44,861 INFO BootStrap - using rdeck.base config property: /opt/rundeck/rundeck
2016-09-28 16:20:44,872 INFO BootStrap - loaded configuration: /opt/rundeck/rundeck/etc/framework.properties
2016-09-28 16:20:44,989 INFO BootStrap - RSS feeds disabled
2016-09-28 16:20:44,989 INFO BootStrap - Preauthentication is disabled
2016-09-28 16:20:45,025 INFO BootStrap - Rundeck is ACTIVE: executions can be run.
2016-09-28 16:20:46,948 INFO BootStrap - Rundeck startup finished in 2122ms
2016-09-28 16:20:46.948:INFO:oejsh.ContextHandler:started o.e.j.w.WebAppContext{/,file:/opt/rundeck/rundeck/server/exp/webapp/},/opt/rundeck/rundeck/server/exp/webapp
2016-09-28 16:20:47.045:INFO:/:Initializing Spring FrameworkServlet 'grails'
2016-09-28 16:20:47.147:INFO:oejus.SslContextFactory:Enabled Protocols [TLSv1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
2016-09-28 16:20:47.165:INFO:oejs.AbstractConnector:Started SslSelectCha...@0.0.0.0:4443
2016-09-28 16:20:59.529:WARN:oeji.nio:javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
2016-09-28 16:20:59.529:WARN:oeji.nio:javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
2016-09-28 16:20:59.616:WARN:oeji.nio:javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

The last 3 lines (...truncation attack?) get logged over and over every time I access the site.  The site still works but the log gets filled up with these WARN messages.
I found a posting somewhere stating that it could be related to a mismatch in TLS settings between the server and client.  I tried to limit the possibility of conflicts by specifying the SSL protocol to TLS, and I have the following set in my rundeckd startup script:

# set the ssl opts if https is configured
SSL_OPTS=
# read the scheme (http or https) out of framework.server.url
proto=$(awk '/framework.server.url = / {split($3, a, ":"); print a[1]}' $RDECK_BASE/etc/framework.properties)
[ "${proto:-http}" == "https" ] && {
   SSL_OPTS="-Drundeck.ssl.config=$RDECK_BASE/server/config/ssl.properties -Dserver.https.port=${RDECK_PORT:=4443} \
             -Drundeck.jetty.connector.ssl.includedProtocols=TLSv1.2"
}

Greg Schueler

Sep 29, 2016, 2:16:27 PM
to rundeck...@googlegroups.com
In your browser, are there any errors in the JavaScript console/network requests? I wonder if some requests for resources on the page are being sent without using SSL over the 4443 port (e.g. a URL like `http://host:4443`).

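Both of the things discussed so far can be told apart from a packet capture of one of these connections: the warning itself means the peer sent a TCP FIN without first sending a TLS alert record (close_notify), while Greg's hunch is that the bytes arriving on port 4443 are not TLS at all. The following is an added illustration for this thread, not Rundeck or Jetty code and not from either poster. It assumes TLS 1.2 record framing, as on this server (the 5-byte record header with its content-type byte is sent in the clear even after the handshake, so an alert record can be recognised without decrypting it; TLS 1.3 hides the real content type, so the check does not apply there). Every byte string below is a constructed sample.

```python
"""Classify how a TLS 1.2 byte stream (one direction, client to server) ended.

Outcomes, from the server's point of view:
  alert_sent_before_fin  the last record was an alert (close_notify or a fatal
                         alert; after the handshake its body is encrypted, so
                         the wire only shows that an alert was sent)
  fin_without_alert      the stream ended on a record boundary with no alert,
                         which is what JSSE reports as a possible truncation attack
  truncated_record       the stream ended mid-record
  plaintext_http         the bytes are an HTTP request, not TLS
  not_tls                anything else
"""
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
RECORD_HEADER_LEN = 5  # content type (1) + version (2) + length (2)
HTTP_METHOD_PREFIXES = (b"GET ", b"POST", b"HEAD", b"PUT ")


def parse_records(stream: bytes):
    """Split a raw TLS stream into (content_type, body) tuples.

    Returns (records, leftover) where leftover is the number of trailing
    bytes that did not form a complete record.
    """
    records = []
    offset = 0
    while offset + RECORD_HEADER_LEN <= len(stream):
        ctype, major, _minor, length = struct.unpack(
            "!BBBH", stream[offset:offset + RECORD_HEADER_LEN])
        # TLS 1.x and SSL 3.0 all use major version 3 in the record header
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError(f"not a TLS record at offset {offset}: first byte 0x{ctype:02x}")
        body = stream[offset + RECORD_HEADER_LEN:offset + RECORD_HEADER_LEN + length]
        if len(body) < length:
            break  # record cut off before its declared length
        records.append((ctype, body))
        offset += RECORD_HEADER_LEN + length
    return records, len(stream) - offset


def classify_close(stream: bytes) -> str:
    """Say how the stream ended (see module docstring for the outcomes)."""
    if stream[:1] != b"\x16":  # every TLS session starts with a handshake record
        if stream[:4] in HTTP_METHOD_PREFIXES:
            return "plaintext_http"
        return "not_tls"
    try:
        records, leftover = parse_records(stream)
    except ValueError:
        return "not_tls"
    if leftover:
        return "truncated_record"
    if records and records[-1][0] == 21:
        return "alert_sent_before_fin"
    return "fin_without_alert"


def rec(ctype: int, body: bytes) -> bytes:
    """Build one TLS 1.2 record (version bytes 3,3) around a body."""
    return struct.pack("!BBBH", ctype, 3, 3, len(body)) + body


# Constructed samples; the bodies are placeholders, not real handshake or cipher output.
HANDSHAKE = rec(22, b"\x01" + b"\x00" * 40)   # stand-in ClientHello
APP_DATA = rec(23, b"\x00" * 32)              # stand-in encrypted request
ALERT = rec(21, b"\x00" * 26)                 # stand-in encrypted alert (length is cipher-dependent)

CLEAN_CLOSE = HANDSHAKE + APP_DATA + ALERT    # peer sent an alert, then FIN
ABRUPT_CLOSE = HANDSHAKE + APP_DATA           # peer just sent FIN
CUT_MID_RECORD = HANDSHAKE + APP_DATA[:10]    # connection dropped inside a record
PLAINTEXT = b"GET / HTTP/1.1\r\nHost: rundeck.example:4443\r\n\r\n"  # http:// URL sent to the TLS port

if __name__ == "__main__":
    for name, sample in [("clean", CLEAN_CLOSE), ("abrupt", ABRUPT_CLOSE),
                         ("cut", CUT_MID_RECORD), ("plaintext", PLAINTEXT)]:
        print(f"{name:10s} -> {classify_close(sample)}")
```

Run against the client-to-server bytes of a captured session (for example the TCP payload reassembled from a pcap), the result separates the benign case behind this warning (a browser dropping an idle keep-alive connection with a bare FIN, `fin_without_alert`) from a client that really is speaking plain HTTP to port 4443 (`plaintext_http`), which is the case Greg's question is probing for.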

Ryan B

Sep 29, 2016, 6:50:38 PM
to rundeck-discuss
No.  I don't see any.  I use Chrome and I don't see anything in the JavaScript console or network tab (Chrome).

thanks..