SSLSocketImpl.java related patches for 8u
Alvarez, David
alvdavi at amazon.com
Fri Dec 18 16:26:28 UTC 2020
Hi,
After deploying 8u275 to our services, we have noticed occasional
socket related failures in some of our services that seemed related to
JDK-8245468 [1], the TLSv1.3 backport. During the investigation, I
noticed there was a set of SSLSocketImpl related patches that were
applied to 11u after 11.0.7 that have not been backported to 8u, and I
think we should bring them. The full list ist:
[1] JDK-8209333: Socket reset issue for TLS 1.3 socket close
[2] JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-
friendly java.util.concurrent.locks in JSSE"
[3] JDK-8219991: New fix of the deadlock in
sun.security.ssl.SSLSocketImpl
[4] JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions
[5] JDK-8239798: SSLSocket closes socket both socket endpoints on a
SocketTimeoutException
[6] JDK-8242294: JSSE Client does not throw SSLException when an alert
occurs during handshaking
[7] JDK-8246031: SSLSocket.getSession() doesn't close connection for
timeout/ interrupts
[8] JDK-8236464: SO_LINGER option is ignored by SSLSocket in JDK 11
Most of these changes have also been included by Oracle in 8u261 or
8u271, with two exceptions. [2] is there only as a prerequisite of [3],
and although there is an entry for a [3] backport to 8u281, but it is
marked as Won't Fix, I'll leave to the maintainers to decide whether we
want to include [3] or not. Regarding the backports, only [1] and [5]
weren't clean, I will be sending RFRs for them.
Additionally, I have located two other Socket related patches that
Oracle included in 8 and 11 that we are missing:
[9] JDK-8256818: SSLSocket that is never bound or connected leaks
socket resources
[10] JDK-8224829: AsyncSSLSocketClose.java has timing issue
If and when these two patches are included in 11u, I think we should
bring them to 8u too. I already sent an email to jdk-updates-dev for
clarification on how to proceed with [10], as it interacts with how [2]
was done.
Out of this list, I would be interested in knowing which patches the
maintainers think should made it to 8u. Given how interwoven most of
them are, which ones are included will affect whether and RFR is needed
or not, and how the RFR would look like.
Thanks,
David
--
[1] https://bugs.openjdk.java.net/browse/JDK-8209333
[2] https://bugs.openjdk.java.net/browse/JDK-8240827
[3] https://bugs.openjdk.java.net/browse/JDK-8219991
[4] https://bugs.openjdk.java.net/browse/JDK-8235263
[5] https://bugs.openjdk.java.net/browse/JDK-8239798
[6] https://bugs.openjdk.java.net/browse/JDK-8242294
[7] https://bugs.openjdk.java.net/browse/JDK-8246031
[8] https://bugs.openjdk.java.net/browse/JDK-8236464
[9] https://bugs.openjdk.java.net/browse/JDK-8256818
[10] https://bugs.openjdk.java.net/browse/JDK-8224829
More information about the jdk8u-dev
mailing list