RFR11(s): 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy
Martin Choma
mchoma at redhat.com
Tue Sep 25 08:23:33 UTC 2018
Hi,
With jdk11 (openjdk/oracle) I see on client side
"SSLProtocolException: Connection reset" in negative scenarios (wrong
certificate), instead of expected javax.net.SSLException . What is
strange, although, it happens randomly (different negative scenarios
fails this way and only sometimes) and only on windows machines. So
sometimes connection is rather reseted than proper exception is
thrown.
I came across https://bugs.openjdk.java.net/browse/JDK-8207317, which
seems to me relevant to this scenario. Is it possible some
indeterministic behaviour was introduced by the fix.
Regards,
Martin Choma
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssl.debug
Type: application/octet-stream
Size: 77582 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20180925/2a7b0b9c/ssl.debug>
More information about the security-dev
mailing list