TLSv1.3 HttpsServer endless loop based on client socket i/o shutdown

Jay Modi jay at elastic.co
Thu May 2 18:58:59 UTC 2019


With the release of 12.0.1, I tested this again and still see issues with
an endless loop in the way the HttpsServer handles this situation, so I do
not believe this is the same issue as JDK-8214418.

Jay

On Mon, Feb 11, 2019 at 2:59 AM Daniel Fuchs <daniel.fuchs at oracle.com>
wrote:

> Hi Jay,
>
>
> It looks like this is JDK-8214418 - which has been fixed
> in 12.0.1 b03 and 13-ea b04. The issue was with the
> half closed semantics of the SSL engine in TLS 1.3.
>
> best regards,
>
> -- daniel
>
> On 08/02/2019 21:43, Jay Modi wrote:
> > Hi,
> >
> > I've been doing some testing with Apache HttpClient against the
> > com.sun.net.httpserver.HttpsServer that is included with the JDK and
> > came across some interesting behavior that occurs when using TLSv1.3,
> > but TLSv1.2 works normally. If the client manually calls
> > Socket#shutdownOutput and Socket#shutdownInput before closing the
> > socket, the HttpsServer goes into an endless loop while trying to send the
> > close back to the client. Is this expected? I've done my best to create
> > a minimal reproducer without Apache HttpClient[1].
> >
> > To me this behavior does not seem right and as I mentioned, I did not
> > have these issues when using TLSv1.2. I'm running on macOS with the
> > following JDK:
> > openjdk version "11.0.2" 2019-01-15
> > OpenJDK Runtime Environment 18.9 (build 11.0.2+9)
> > OpenJDK 64-Bit Server VM 18.9 (build 11.0.2+9, mixed mode)
> >
> > Jay
> >
> > [1] https://gist.github.com/jaymode/3a6562beaa7ea789b287372bd10d4d1d
>
>