Burp Suite User Forum

complete proxy failure due to Java TLS bug

Jonathan | Last updated: Mar 05, 2021 05:33PM UTC

I am getting this proxy error:

1614964526020 Error Proxy [22] The client failed to negotiate a TLS connection to xxx.com:443: Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)

I have tried changing the TLS Negotiation settings to avoid AEAD ciphers but that did not fix the problem. I am using the latest version of Burp Professional (2012.2.1). The diagnostics say java.runtime.version 15.0.2+7-27. Because of this error, Burp is completely unusable for the project.

Can you clarify the meaning of this error? I think it means that Burp cannot connect to the upstream server properly, but it could also mean that the mobile app could not connect to Burp.

Uthman, PortSwigger Agent | Last updated: Mar 08, 2021 02:16PM UTC

Hi Jonathan,

Thanks for reporting this. It is a known unresolved bug in OpenJDK:

- https://bugs.openjdk.java.net/browse/JDK-8221218

Have you tried disabling TLSv1.3 on your Proxy listener? You can do this in Burp by selecting Proxy > Options > Select a proxy listener > Edit > TLS Protocols > Use custom protocols > deselect TLSv1.3.

Jonathan | Last updated: Mar 12, 2021 05:54PM UTC

I'll try that workaround when I get a chance. What is your plan regarding the bug in OpenJDK? That ticket is 2 years old so it doesn't look like it will be handled upstream.

Uthman, PortSwigger Agent | Last updated: Mar 15, 2021 10:44AM UTC

We don't have any plans to stop using OpenJDK and the bug will need to be fixed by their developers (I appreciate it is open-source). Have you tried launching Burp with a Java version from 9 to 11? Does the issue persist?
