Intermittent io.https.response.truncationProtection.disable

Document ID : KB000075366
Last Modified Date : 08/05/2018
Issue:
With io.https.response.truncationProtection.disable=FALSE, an outage occurs in production. The following appears in SPSAgentTrace.log when SPS tries to connect to the API Gateway:

[02/16/2018][02:24:20][7220][139993319991040][2291d863-69f2b7e7-c0fab176-35246223-9e81d7f1-81d][execute][Inbound closed before receiving peer's close_notify: possible truncation attack?]

[02/16/2018][02:24:20][7220][139993319991040][2291d863-69f2b7e7-c0fab176-35246223-9e81d7f1-81d][execute][Retrying to send the request to backend web server.Retry count: 3]

[02/16/2018][02:24:20][7220][139993319991040][2291d863-69f2b7e7-c0fab176-35246223-9e81d7f1-81d][execute][Tried to send the request to backend web server three times.Throwing the exception to client. ]

[02/16/2018][02:24:20][7220][139993319991040][2291d863-69f2b7e7-c0fab176-35246223-9e81d7f1-81d][Noodle::doGet][javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? at com.rsa.sslj.x.aH.d(Unknown Source)]
Environment:
Client -> F5 -> CA Access Gateway (R12.7) -> F5 -> (2) CA API Gateway 9.2 (OAuth token)
Cause:
Analysis from the SSO AG side: SSO AG sends a request to the backend server and receives a FIN instead of a valid response. At this point SPS goes into retry mode. When AG reaches the maximum retry count, an exception is recorded and sent back to the client.

Each retry attempt releases the connection as not reusable, with a possible truncation attack warning.
Log messages:
  • Released connection is not reusable
  • Inbound closed before receiving peer's close_notify: possible truncation attack
 
Over SSL, the request fails with this exception:
[javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?         at com.rsa.sslj.x.aH.d(Unknown Source)]
 
 
Resolution:
SSO Access Gateway (AG) is working as designed: it goes into a retry state if no response is received.
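
To see how often the backend closes the connection without a close_notify, and which requests exhausted their retries, the SPSAgentTrace.log entries can be grouped by transaction ID. The script below is an added example, not CA code; the field layout is assumed from the trace lines quoted above, and the sample lines (IDs, thread numbers, "Retry count: 1", the last message) are constructed.

```python
import re
from collections import defaultdict

# Field layout assumed from the trace lines quoted in this article:
# [date][time][pid][thread][transaction id][function][message]
LINE_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4})\]\[(?P<time>\d{2}:\d{2}:\d{2})\]"
    r"\[(?P<pid>\d+)\]\[(?P<tid>\d+)\]\[(?P<txn>[^\]]*)\]"
    r"\[(?P<func>[^\]]*)\]\[(?P<msg>.*)\]\s*$"
)
TRUNCATION = "Inbound closed before receiving peer's close_notify"
RETRY_RE = re.compile(r"Retry count:\s*(\d+)")
GAVE_UP = "Throwing the exception to client"


def summarize(lines):
    """Return {transaction id: stats} for transactions that logged a truncation warning."""
    txns = defaultdict(lambda: {"first_seen": None, "truncations": 0,
                                "max_retry": 0, "failed": False})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or non-conforming line
        t, msg = txns[m["txn"]], m["msg"]
        t["first_seen"] = t["first_seen"] or f'{m["date"]} {m["time"]}'
        if TRUNCATION in msg:
            t["truncations"] += 1
        retry = RETRY_RE.search(msg)
        if retry:
            t["max_retry"] = max(t["max_retry"], int(retry.group(1)))
        if GAVE_UP in msg:
            t["failed"] = True  # retries exhausted, error returned to the client
    return {k: v for k, v in txns.items() if v["truncations"]}


# Constructed sample lines in the article's format (ids and the last message are made up).
SAMPLE = """\
[02/16/2018][02:24:20][7220][1001][txn-a][execute][Inbound closed before receiving peer's close_notify: possible truncation attack?]
[02/16/2018][02:24:20][7220][1001][txn-a][execute][Retrying to send the request to backend web server.Retry count: 3]
[02/16/2018][02:24:20][7220][1001][txn-a][execute][Tried to send the request to backend web server three times.Throwing the exception to client. ]
[02/16/2018][02:24:20][7220][1001][txn-a][Noodle::doGet][javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? at com.rsa.sslj.x.aH.d(Unknown Source)]
[02/16/2018][02:25:02][7220][1002][txn-b][execute][Inbound closed before receiving peer's close_notify: possible truncation attack?]
[02/16/2018][02:25:02][7220][1002][txn-b][execute][Retrying to send the request to backend web server.Retry count: 1]
[02/16/2018][02:25:40][7220][1003][txn-c][execute][constructed message without errors]
""".splitlines()

if __name__ == "__main__":
    for txn, stats in summarize(SAMPLE).items():
        print(txn, stats)
```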