SSLEngine weird behavior in 11+21?

Xuelei Fan xuelei.fan at oracle.com
Tue Jul 31 14:33:05 UTC 2018


Hi,

Looks like we are on the same page now.  For the data transportation 
(wrap/unwrap), I agree we'd better use OK so that applications can make 
the right decision.

Thanks,
Xuelei

On 7/31/2018 7:23 AM, Simone Bordet wrote:
> Hi,
> On Tue, Jul 31, 2018 at 4:13 PM Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>
>> The Status.CLOSED specification is defined as "The operation just closed
>> this side of the SSLEngine, or the operation could not be completed
>> because it was already closed.".   My reading of the spec, the CLOSED
>> status means half-close.   If wrap() status is CLOSED, it means write
>> side close; and unwrap() CLOSED is for read side close.
>>
>> I may prefer to:
>> 1. client.closeOutbound() then goes into NEED_WRAP.
>> 2. Client wraps 24 bytes, result is CLOSED, then goes into NEED_UNWRAP.
>> 3. Server unwraps 24 bytes, result is CLOSED, then goes into NEED_WRAP.
>> 4. server.closeOutbound() then goes into NEED_WRAP.
>> 5. Server wraps 24 bytes, result is CLOSED, then goes into NOT_HANDSHAKING.
>> 6. Client unwraps 24 bytes, result is CLOSED, then goes into
>> NOT_HANDSHAKING.
> 
> Yes, we agreed that at step 2 and especially step 3 result must be CLOSED.
> 
> Please consider the case where data is sent before the close_notify
> reply, and what would be good for you.
> 
> Thanks!
> 


More information about the security-dev mailing list