SSLSocketImpl.java related patches for 8u

Andrew Hughes gnu.andrew at redhat.com
Tue Dec 22 06:28:37 UTC 2020


On 16:26 Fri 18 Dec     , Alvarez, David wrote:
> Hi,
> 
> After deploying 8u275 to our services, we have noticed occasional
> socket related failures in some of our services that seemed related to
> JDK-8245468 [1], the TLSv1.3 backport. During the investigation, I
> noticed there was a set of SSLSocketImpl related patches that were
> applied to 11u after 11.0.7 that have not been backported to 8u, and I
> think we should bring them. The full list is:
> 
> [1] JDK-8209333: Socket reset issue for TLS 1.3 socket close
> [2] JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-
> friendly java.util.concurrent.locks in JSSE"
> [3] JDK-8219991: New fix of the deadlock in
> sun.security.ssl.SSLSocketImpl
> [4] JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions
> [5] JDK-8239798: SSLSocket closes socket both socket endpoints on a
> SocketTimeoutException
> [6] JDK-8242294: JSSE Client does not throw SSLException when an alert
> occurs during handshaking
> [7] JDK-8246031: SSLSocket.getSession() doesn't close connection for
> timeout/ interrupts
> [8] JDK-8236464: SO_LINGER option is ignored by SSLSocket in JDK 11
> 
> Most of these changes have also been included by Oracle in 8u261 or
> 8u271, with two exceptions. [2] is there only as a prerequisite of [3],
> and although there is an entry for a [3] backport to 8u281, it is
> marked as Won't Fix. I'll leave it to the maintainers to decide whether we
> want to include [3] or not. Regarding the backports, only [1] and [5]
> weren't clean; I will be sending RFRs for them.
> 
> Additionally, I have located two other Socket related patches that
> Oracle included in 8 and 11 that we are missing:
> [9] JDK-8256818: SSLSocket that is never bound or connected leaks
> socket resources
> [10] JDK-8224829: AsyncSSLSocketClose.java has timing issue
> 
> If and when these two patches are included in 11u, I think we should
> bring them to 8u too. I already sent an email to jdk-updates-dev for
> clarification on how to proceed with [10], as it interacts with how [2]
> was done.
> 
> Out of this list, I would be interested in knowing which patches the
> maintainers think should make it to 8u. Given how interwoven most of
> them are, which ones are included will affect whether an RFR is needed
> or not, and what the RFR would look like.
> 
> Thanks,
> 
> David
> 
> --
> [1] https://bugs.openjdk.java.net/browse/JDK-8209333
> [2] https://bugs.openjdk.java.net/browse/JDK-8240827
> [3] https://bugs.openjdk.java.net/browse/JDK-8219991
> [4] https://bugs.openjdk.java.net/browse/JDK-8235263
> [5] https://bugs.openjdk.java.net/browse/JDK-8239798
> [6] https://bugs.openjdk.java.net/browse/JDK-8242294
> [7] https://bugs.openjdk.java.net/browse/JDK-8246031
> [8] https://bugs.openjdk.java.net/browse/JDK-8236464
> [9] https://bugs.openjdk.java.net/browse/JDK-8256818
> [10] https://bugs.openjdk.java.net/browse/JDK-8224829
> 

Thanks for looking into this (and for the links!) I've been
meaning to do the same since the backport was integrated.
I'll have a look at them in detail tomorrow.
-- 
Andrew :)

Senior Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222