RFR: 8253368: TLS connection always receives close_notify exception

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Mon Dec 14 18:01:00 UTC 2020


On Fri, 13 Nov 2020 14:16:35 GMT, Sean Coffey <coffeys at openjdk.org> wrote:

> removing the "closing inbound before receiving peer's close_notify" exception that can be seen with TLS stack if calling close on inbound. After reading the relevant parts of the TLS v1.2/v1.3 RFCs, I believe the local end point doesn't have to wait for close_notify alert from remote end.

src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java line 820:

> 818:                     "closing inbound before receiving peer's close_notify");
> 819:         }
> 820: 

I am a little bit hesitate to close the inbound silently, especially when it is a layered socket and the write side does not stop write yet.  The shutdownInput() is used to Unsupported UnsupportedOperationException, and allowed to throw IOException.  I think application may be able to handle it properly already.

Instead, maybe we could put the block (line 821-824) in a finalize block so that the input get closed before throwing this exception.

-------------

PR: https://git.openjdk.java.net/jdk/pull/1205



More information about the security-dev mailing list