SSLEngine weird behavior in 11+21?

Xuelei Fan xuelei.fan at oracle.com
Tue Jul 31 15:10:10 UTC 2018


Hi,

On 7/31/2018 6:43 AM, Xuelei Fan wrote:
> Current jdk11 tip with your patch:
> 1. client.closeOutbound() then goes into NEED_WRAP.
> 2. Client wraps 24 bytes, result is CLOSED, then goes into NEED_UNWRAP.
> 3. Server unwraps 24 bytes, result is CLOSED, then goes into NEED_WRAP.
> 4. Server wraps 0 bytes and stays in NEED_WRAP (?)
In my testing (OpenJDK, 
test/jdk/javax/net/ssl/TLSv1/TLSEnginesClosureTest.java), for #4, the 
server could wrap the close_notify alert message for TLS 1.2 and prior 
versions (CLOSED/NOT_HANDSHAKING); and wrap data for TLS 1.3 
(OK/NOT_HANDSHAKING, half-close).

Are you using TLS 1.3 with no data in your test case in #4?  Because of 
the half-close policy, it may be the expected behavior if no 
application data can be delivered.

Thanks,
Xuelei

For TLS 1.2:
------------------------
Trying to close engines from Client to Server
Client wrapped 31 bytes.
Client handshake status is NEED_UNWRAP Result is CLOSED
Server unwrapping 31 bytes...
Server handshake status is NEED_WRAP Result is CLOSED
Server wrapped 31 bytes.
Server handshake status is NOT_HANDSHAKING Result is CLOSED
Client unwrapping 31 bytes...
Client handshake status is NOT_HANDSHAKING Result is CLOSED
Client wrapped 0 bytes.
Client handshake status is NOT_HANDSHAKING Result is CLOSED
Server unwrapping 0 bytes...
Server handshake status is NOT_HANDSHAKING Result is CLOSED
Successful closing from Client to Server
------------------------

For TLS 1.3:
------------------------
Trying to close engines from Client to Server
Client wrapped 24 bytes.
Client handshake status is NEED_UNWRAP Result is CLOSED
Server unwrapping 24 bytes...
Server handshake status is NEED_WRAP Result is CLOSED
Server wrapped 16406 bytes.
Server handshake status is NEED_WRAP Result is OK
------------------------

