SSLEngine weird behavior in 11+21?
Xuelei Fan
xuelei.fan at oracle.com
Tue Jul 31 15:10:10 UTC 2018
Hi,
On 7/31/2018 6:43 AM, Xuelei Fan wrote:
> Current jdk11 tip with your patch:
> 1. client.closeOutbound() then goes into NEED_WRAP.
> 2. Client wraps 24 bytes, result is CLOSED, then goes into NEED_UNWRAP.
> 3. Server unwraps 24 bytes, result is CLOSED, then goes into NEED_WRAP.
> 4. Server wraps 0 bytes and stays in NEED_WRAP (?)
In my testing (OpenJDK,
test/jdk/javax/net/ssl/TLSv1/TLSEnginesClosureTest.java), for #4, the
server could wrap the close_notify alert message for TLS 1.2 and prior
versions (CLOSED/NOT_HANDSHAKING); and wrap data for TLS 1.3
(OK/NOT_HANDSHAKING, half-close).
Are you using TLS 1.3 with no data in your test case in #4? Because of
the half-close policy, it may be the expected behavior if no
application data can be delivered.
Thanks,
Xuelei
For TLS 1.2:
------------------------
Trying to close engines from Client to Server
Client wrapped 31 bytes.
Client handshake status is NEED_UNWRAP Result is CLOSED
Server unwrapping 31 bytes...
Server handshake status is NEED_WRAP Result is CLOSED
Server wrapped 31 bytes.
Server handshake status is NOT_HANDSHAKING Result is CLOSED
Client unwrapping 31 bytes...
Client handshake status is NOT_HANDSHAKING Result is CLOSED
Client wrapped 0 bytes.
Client handshake status is NOT_HANDSHAKING Result is CLOSED
Server unwrapping 0 bytes...
Server handshake status is NOT_HANDSHAKING Result is CLOSED
Successful closing from Client to Server
------------------------
For TLS 1.3:
------------------------
Trying to close engines from Client to Server
Client wrapped 24 bytes.
Client handshake status is NEED_UNWRAP Result is CLOSED
Server unwrapping 24 bytes...
Server handshake status is NEED_WRAP Result is CLOSED
Server wrapped 16406 bytes.
Server handshake status is NEED_WRAP Result is OK
------------------------
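
Added example, not part of the original message or of the OpenJDK test: one way to drive the local write-side close by looping on `isOutboundDone()` instead of on the `NEED_WRAP` handshake status, which is the situation in step #4 under the TLS 1.3 half-close policy. The class and method names are hypothetical, the stop-on-no-progress guard is an assumption of this sketch, and the demo engine never handshakes; it only exercises the loop.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;

public class OutboundCloseExample {          // hypothetical name
    /** Closes our write side and returns the records that must be sent to the peer. */
    static List<ByteBuffer> shutdownOutput(SSLEngine engine) throws Exception {
        List<ByteBuffer> records = new ArrayList<>();
        ByteBuffer empty = ByteBuffer.allocate(0);
        engine.closeOutbound();              // queue our own close_notify
        // Loop on isOutboundDone(), not on the NEED_WRAP handshake status.
        while (!engine.isOutboundDone()) {
            ByteBuffer net = ByteBuffer.allocate(
                    engine.getSession().getPacketBufferSize());
            SSLEngineResult r = engine.wrap(empty, net);
            System.out.printf("wrapped %d bytes, status=%s, handshake=%s%n",
                    r.bytesProduced(), r.getStatus(), r.getHandshakeStatus());
            if (r.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                throw new IllegalStateException("packet buffer too small");
            }
            if (r.bytesProduced() == 0) {
                break;                       // no progress: stop instead of spinning
            }
            net.flip();
            records.add(net);                // caller writes these to the transport
        }
        return records;
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo input: a client-mode engine that has not handshaken.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        List<ByteBuffer> out = shutdownOutput(engine);
        System.out.println("records to send: " + out.size()
                + ", outboundDone=" + engine.isOutboundDone());
    }
}
```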