SSLEngine unwrap() javax.crypto.BadPaddingException: bad record MAC

Question

This has been driving me crazy for a few days now. I created a client using java nio with ssl encryption using an SSLEngine. Handshake works fine, and I write a GET request to a

Answer 1

You're doing this wrong. When you need to get data you should:

1. Get from your app receiver buffer.
2. If that's empty, try unwrap().
3. If that gives you a buffer underflow, read the channel.

Similarly when you need to put data, you should:

4. Put to your app send buffer.
5. If that fills, wrap().
6. Write if that gives you a buffer overflow.

Or do all that when you need to flush.

Your primary interface should be with the engine, and only with the channel as a result of what the engine tells you about buffer underflows and overflows.

Similarly you must let the engine dictate the handshake (NEED_WRAP/NEED_UNWRAP) rather than try to dictate to it.

The SSLEngine is a very difficult thing to get right. Many have tried: few have succeeded. For one working success, that is the basis for a commercial product, see the SSLEngineManager class in the source code for my book Fundamental Networking in Java, Springer 2006, here.