SSLEngine weird behavior in 11+21?

Simone Bordet simone.bordet at gmail.com
Tue Jul 31 14:23:30 UTC 2018


Hi,
On Tue, Jul 31, 2018 at 4:13 PM Xuelei Fan <xuelei.fan at oracle.com> wrote:
>
> The Status.CLOSED specification is defined as "The operation just closed
> this side of the SSLEngine, or the operation could not be completed
> because it was already closed.".   My reading of the spec, the CLOSED
> status means half-close.   If wrap() status is CLOSED, it means write
> side close; and unwrap() CLOSED is for read side close.
>
> I may prefer to:
> 1. client.closeOutbound() then goes into NEED_WRAP.
> 2. Client wraps 24 bytes, result is CLOSED, then goes into NEED_UNWRAP.
> 3. Server unwraps 24 bytes, result is CLOSED, then goes into NEED_WRAP.
> 4. server.closeOutbound() then goes into NEED_WRAP.
> 5. Server wraps 24 bytes, result is CLOSED, then goes into NOT_HANDSHAKING.
> 6. Client unwraps 24 bytes, result is CLOSED, then goes into
> NOT_HANDSHAKING.

Yes, we agreed that at step 2 and especially step 3 result must be CLOSED.

Please consider the case where data is sent before the close_notify
reply, and what would be good for you.

Thanks!

-- 
Simone Bordet
---
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz


More information about the security-dev mailing list