SSLEngine weird behavior in 11+21?
Xuelei Fan
xuelei.fan at oracle.com
Tue Jul 31 14:33:05 UTC 2018

Hi,

Looks like we are on the same page now. For the data transportation
(wrap/unwrap), I agree we'd better use OK so that applications can make
the right decision.

Thanks,
Xuelei

On 7/31/2018 7:23 AM, Simone Bordet wrote:
> Hi,
> On Tue, Jul 31, 2018 at 4:13 PM Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>
>> The Status.CLOSED specification is defined as "The operation just closed
>> this side of the SSLEngine, or the operation could not be completed
>> because it was already closed.". By my reading of the spec, the CLOSED
>> status means half-close. If wrap() status is CLOSED, it means write
>> side close; and unwrap() CLOSED is for read side close.
>>
>> I may prefer to:
>> 1. client.closeOutbound() then goes into NEED_WRAP.
>> 2. Client wraps 24 bytes, result is CLOSED, then goes into NEED_UNWRAP.
>> 3. Server unwraps 24 bytes, result is CLOSED, then goes into NEED_WRAP.
>> 4. server.closeOutbound() then goes into NEED_WRAP.
>> 5. Server wraps 24 bytes, result is CLOSED, then goes into NOT_HANDSHAKING.
>> 6. Client unwraps 24 bytes, result is CLOSED, then goes into NOT_HANDSHAKING.
>
> Yes, we agreed that at step 2 and especially step 3 result must be CLOSED.
>
> Please consider the case where data is sent before the close_notify
> reply, and what would be good for you.
>
> Thanks!
>