[security-dev 00425]: Re: NullPointerException at sun.security.ssl.OutputRecord.writeBuffer
Kanatoko
anvil at jumperz.net
Sun Nov 23 14:08:13 UTC 2008
Brad,
> We have the fix ready and are trying to get it into 6u12, due out in
> early 2009, and of course it will go into JDK7.
That is great. Thank you.
> In JSSE, you can layer a SSLSocket over an existing Socket. That will
> avoid SSLServerSocket creating the dummy Socket that is eventually
> leaking the file descriptors.
>
> So do something like this:
>
> // Create and initialize a SSLContext, from which you obtain a
> // SSLSocketFactory, sslssf
>
> ServerSocket ss = new ServerSocket(port);
> Socket s = ss.accept();
> sslssf.createSocket(s, s.getInetAddress().getHostName(),
> s.getPort(), false);
>
> Hope this helps.
I think it does not wok. Because SSLSocketFactory.createSocket() can be
used at the client side.
--
Kanatoko<anvil at jumperz.net>
Open Source WebAppFirewall
http://guardian.jumperz.net/
More information about the security-dev
mailing list