One of the most common problems any IT admin faces is a software update. While software updates are generally considered a good thing, because they patch security flaws, fix bugs, try to improve performance, and more, they are also a common source of problems. Every admin knows to be ready for calls after a scheduled maintenance window. This issue was no different.

 

A ticket came in stating users could not access a web app through the backend system after an upgrade to Java 1.7. The server, Java, and app logs all looked OK, and everything appeared to be running properly. Also, interestingly, the web app worked when accessed directly from a web browser. This sounded like a perfect opportunity for a quick packet capture and analysis. Here is what was produced:

 
[Screenshot: WireShark_SSL_UnrecognizedName]
 

*Note: In order to maintain the SSL session info, I could not anonymize this, so I’m just using a screenshot instead of sharing the capture on CloudShark.

 

I’ve done quite a few packet captures over the years and I’ve analyzed SSL sessions more times than I can count, but I honestly had never seen an “Unrecognized Name” error before. The good news is there is a clear problem with the SSL session setup that can be diagnosed and fixed. The bad news is I wasn’t quite sure how to resolve it. Thankfully, DuckDuckGo (use a private/secure search engine!) and the good community at Stack Overflow had this problem well documented and resolved.

 

It turns out the new version of Java enables SNI support by default, and this error results if the server is misconfigured. Java, as used on the backend in this example, caught this error and terminated the setup. User browsers would ignore this warning and continue loading the web app. Another “feature” included with an update, another mystery solved, and another happy customer.
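The check done by eye in the capture can also be scripted. The following is an added example, not part of the original post: it walks the plaintext TLS records of a server's reply and reports an unrecognized_name alert (description 112 in RFC 6066, which Wireshark labels "Unrecognized Name") and whether the server still sent a ServerHello. The function names and the sample bytes are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246) and the SNI alert code (RFC 6066).
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE = 20, 21, 22
SERVER_HELLO = 2
UNRECOGNIZED_NAME = 112
ALERT_LEVELS = {1: "warning", 2: "fatal"}

def parse_records(stream):
    """Yield (content_type, payload) for each TLS record in a byte stream."""
    offset = 0
    while offset < len(stream):
        if offset + 5 > len(stream):
            raise ValueError("truncated record header at offset %d" % offset)
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        payload = stream[offset + 5:offset + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record body at offset %d" % offset)
        yield ctype, payload
        offset += 5 + length

def diagnose_server_flight(stream):
    """Report an unrecognized_name alert and whether the server carried on."""
    result = {"sni_alert": None, "server_hello_seen": False}
    for ctype, payload in parse_records(stream):
        if ctype == CHANGE_CIPHER_SPEC:
            break  # everything after this record is encrypted
        if ctype == ALERT and len(payload) == 2:
            level, description = payload
            if description == UNRECOGNIZED_NAME:
                result["sni_alert"] = ALERT_LEVELS.get(level, "unknown")
        elif ctype == HANDSHAKE and payload[:1] == bytes([SERVER_HELLO]):
            result["server_hello_seen"] = True
    return result

# Constructed sample: a warning alert followed by a minimal ServerHello.
_hello_body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
_hello = bytes([SERVER_HELLO]) + len(_hello_body).to_bytes(3, "big") + _hello_body
SAMPLE_FLIGHT = (
    bytes([ALERT, 3, 1, 0, 2, 1, UNRECOGNIZED_NAME])
    + bytes([HANDSHAKE, 3, 1]) + struct.pack("!H", len(_hello)) + _hello
)

if __name__ == "__main__":
    print(diagnose_server_flight(SAMPLE_FLIGHT))
```

A result with a warning-level alert and a ServerHello both present matches the behaviour described above: the server kept going, so a client that tolerates the warning connects while a strict client stops.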

 

I think this is a good time to mention how critical it is to have identical testing environments where updates and any other changes can be tested before being introduced to production. Bugs like this can be identified and mitigated before causing actual outages. It’s also a great place to test performance improvements!

 

Time to go sit outside and enjoy some sun with my magnifying glass waiting for the next bug to come along… [no insects were harmed in the making of this blog post]
