SSLEngine weird behavior in 11+21?

Xuelei Fan xuelei.fan at oracle.com
Thu Jul 12 14:40:39 UTC 2018


On 7/12/2018 7:33 AM, Xuelei Fan wrote:
>> In addition to what reported above, I would like to report also the
>> weird behavior during the close handshake (i.e. when one side decides
>> to close the connection).
>>
>> 1. client.closeOutbound() then goes into NEED_WRAP.
>> 2. Client wraps 24 bytes, result is CLOSED, then goes into 
>> NOT_HANDSHAKING (?)
>> 3. Server unwraps 24 bytes, result is CLOSED, then goes into NEED_WRAP.
>> 4. Server wraps 24 bytes, result is CLOSED, then goes into 
>> NOT_HANDSHAKING.
>> 5. Client unwraps 0 bytes (?)
>>
>> I think at step 2 the client should go into NEED_UNWRAP to read (at
>> step 5) the server response to the close_notify.
> In TLS 1.3, half-close policy is used.  The server may not response with 
> the close_notify for client close_notify request.  See the "Closure 
> Alerts" section for more details:
> https://tools.ietf.org/html/draft-ietf-tls-tls13-28#section-6.1
> 
> It is a little bit complicated when moving from the duplex-close to 
> half-close policy.  In order to mitigate the compatibility impact, in 
> JDK implementation, if the local send the close_notify, we choose to 
> close the underlying socket as well if needed.  But, if the peer send 
> the close_notify, the unwrap() should be able to consume the bytes.  It 
> looks like a implementation bug to me.
The issue is tracked in JBS:
    https://bugs.openjdk.java.net/browse/JDK-8207177

Xuelei



More information about the security-dev mailing list