Change in closeOutbound() behavior for unused SSLEngine
Simone Bordet
simone.bordet at gmail.com
Wed Oct 16 09:53:13 UTC 2019
Hi,

    SSLContext sslContext = SSLContext.getDefault();
    SSLEngine sslEngine = sslContext.createSSLEngine();
    sslEngine.closeOutbound();
    SSLEngineResult.HandshakeStatus hsStatus = sslEngine.getHandshakeStatus();
    System.err.println("hsStatus = " + hsStatus);

This prints "NOT_HANDSHAKING" in Java 8 and "NEED_UNWRAP" in JDK 11+.
In both cases, trying to wrap() consumes and produces 0 bytes (so the
close_notify is not generated, which I think is fine given that the
SSLEngine was never used) and produces a CLOSED result.
This case is common for connections that are established but never
used (not even a TLS byte was exchanged).
Is this change in behavior expected?
I find it strange that calling closeOutbound() results in a NEED_UNWRAP
(as there is nothing to read).
Thanks!
--
Simone Bordet
---
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless. Victoria Livschitz
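
One way to close an engine without depending on the handshake status reported after closeOutbound(), as an added example that is not part of the original post or of the JDK. The class and method names are hypothetical, and the example assumes a client/server mode has been set on the engine; it stops on the wrap() result status (CLOSED), which the post reports for both Java 8 and JDK 11+.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;

// Hypothetical helper class; not part of the JDK or of the original post.
public class UnusedEngineClose {
    private static final ByteBuffer EMPTY = ByteBuffer.allocate(0);

    // Closes the outbound side and returns the bytes (possibly none) that
    // still have to be written to the peer. The loop ends on the wrap()
    // result status, never on getHandshakeStatus(), so a NEED_UNWRAP
    // report cannot make the caller wait for data from the peer.
    static ByteBuffer closeOutboundAndDrain(SSLEngine engine) throws Exception {
        engine.closeOutbound();
        ByteBuffer net = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        while (true) {
            SSLEngineResult result = engine.wrap(EMPTY, net);
            switch (result.getStatus()) {
                case CLOSED:
                    net.flip();
                    return net;
                case BUFFER_OVERFLOW: {
                    // Grow the network buffer, keeping what was already produced.
                    ByteBuffer bigger = ByteBuffer.allocate(net.capacity() * 2);
                    net.flip();
                    bigger.put(net);
                    net = bigger;
                    break;
                }
                case OK:
                    if (result.bytesProduced() == 0) {
                        throw new IllegalStateException("wrap() made no progress: " + result);
                    }
                    break;
                default:
                    throw new IllegalStateException("unexpected wrap() result: " + result);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true); // assumption: a mode is set before the engine is closed
        ByteBuffer toSend = closeOutboundAndDrain(engine);
        System.err.println("hsStatus = " + engine.getHandshakeStatus());
        System.err.println("bytes to send = " + toSend.remaining());
    }
}
```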