Code Review Request, JDK-8207009 SSLEngine#closeInbound mentions SSLException when no close_notify is received
Xuelei Fan
xuelei.fan at oracle.com
Tue Aug 7 14:46:28 UTC 2018
New webrev:
http://cr.openjdk.java.net/~xuelei/8207009/webrev.03/
Thanks to Tim Brooks for finding that the SSLEngine inbound/outbound
status is incorrect if closing during handshake. The above webrev is
trying to fix the problems. See more in the OpenJDK thread:
http://mail.openjdk.java.net/pipermail/security-dev/2018-August/017778.html
Please let me know your concerns before this Wednesday.
Thanks,
Xuelei
On 8/3/2018 1:55 PM, Xuelei Fan wrote:
> Update: http://cr.openjdk.java.net/~xuelei/8207009/webrev.02/
>
> In webrev.01, the socket close may be blocked by super class close
> synchronization. Updated the SSLSocketImpl.java to use handshake only
> lock in the startHandshake() implementation.
>
> Thanks,
> Xuelei
>
> On 8/1/2018 7:27 PM, Xuelei Fan wrote:
>> Update: http://cr.openjdk.java.net/~xuelei/8207009/webrev.01/
>>
>> Integrated the fix for JDK-8208642, "Server initiated TLSv1.2
>> renegotiation fails if Java client allows TLSv1.3". SSLHandshake.java
>> is updated to use negotiated version so that TLS 1.2 HelloRequest is
>> acceptable in TLS 1.3 client side.
>>
>> Thanks,
>> Xuelei
>>
>> On 7/30/2018 10:24 AM, Xuelei Fan wrote:
>>> <loop in net-dev as well>
>>> Please let me know your concerns by the end of August 1st, 2018.
>>>
>>> Thanks,
>>> Xuelei
>>>
>>>
>>> On 7/30/2018 9:59 AM, Xuelei Fan wrote:
>>>> Hi,
>>>>
>>>> Please review the update for the TLS 1.3 half-close and
>>>> synchronization implementation:
>>>> http://cr.openjdk.java.net/~xuelei/8207009/webrev.00/
>>>>
>>>> Unlike TLS 1.2 and prior versions, for TLS 1.3, the close_notify is
>>>> used to close the local write side and peer read side only. After
>>>> the close_notify gets handled, the local read side and peer write
>>>> side may still be open.
>>>>
>>>> In this update, if an application calls
>>>> SSLEngine.closeInbound/Outbound() or
>>>> SSLSocket.shutdownInput/Output(), half-close will be used. For
>>>> compatibility, if SSLSocket.close() gets called, a duplex close will
>>>> be tried. In order to support duplex close, JDK will use the
>>>> user_canceled warning alert even if the handshake is complete.
>>>>
>>>> In practice, an application may only close outbound even if it is
>>>> intended to close the inbound as well, or close the connection
>>>> completely. It works for TLS 1.2 and prior versions. But no more
>>>> for TLS 1.3 because of the close_notify behavior change in the TLS
>>>> 1.3 specification. The application may be hung and dead-waiting for
>>>> read/close. It could be solved by closing the inbound explicitly.
>>>> In order to mitigate the impact, a new System Property,
>>>> "jdk.tls.acknowledgeCloseNotify", is introduced for cases where a
>>>> source code update is not available. If the System Property is set
>>>> to "true", a close_notify alert will be sent in response when a
>>>> close_notify is received.
>>>> It is a countermeasure for the TLS 1.3 half-close issues.
>>>>
>>>> Thanks,
>>>> Xuelei
>>>>
>>>>
>>>>
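
An added example (not from the webrev or the JDK sources) of the application-side fix the original message describes: after half-closing the outbound side, close the inbound side explicitly instead of waiting on it indefinitely. The class name, method name and drain timeout are assumptions made for illustration, and it relies on SSLSocket.shutdownOutput() performing a half-close as stated in the message.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.SocketTimeoutException;
import javax.net.ssl.SSLSocket;

// Hypothetical helper: name and timeout parameter are assumptions, not JDK code.
public final class TlsClose {
    private TlsClose() {}

    /**
     * Closes both directions of a TLS connection without waiting forever.
     * Returns true if the peer ended its write side (read returned -1),
     * false if the drain timed out and the socket was closed anyway.
     */
    public static boolean closeBothSides(SSLSocket socket, int drainTimeoutMillis)
            throws IOException {
        if (drainTimeoutMillis <= 0) {
            // A timeout of 0 means "block forever", which is the hang to avoid.
            throw new IllegalArgumentException("drainTimeoutMillis must be > 0");
        }
        boolean peerClosed = false;
        try {
            // Half-close: sends our close_notify. Under TLS 1.3 this closes only
            // the local write side; the peer may keep its write side open.
            socket.shutdownOutput();

            // Bound the wait so a peer that never closes cannot hang this thread.
            socket.setSoTimeout(drainTimeoutMillis);
            InputStream in = socket.getInputStream();
            byte[] discard = new byte[4096];
            while (in.read(discard) != -1) {
                // Drop any application data still in flight.
            }
            peerClosed = true; // peer's close_notify ended the stream
        } catch (SocketTimeoutException e) {
            // Peer did not close in time; fall through and close anyway.
        } finally {
            socket.close(); // releases the connection in both directions
        }
        return peerClosed;
    }
}
```

Where the application source cannot be changed, the message's alternative is the "jdk.tls.acknowledgeCloseNotify" System Property set to "true".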