RFR: 8253368: TLS connection always receives close_notify exception
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Mon Dec 14 18:01:00 UTC 2020
On Fri, 13 Nov 2020 14:16:35 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
> removing the "closing inbound before receiving peer's close_notify" exception that can be seen with TLS stack if calling close on inbound. After reading the relevant parts of the TLS v1.2/v1.3 RFCs, I believe the local end point doesn't have to wait for close_notify alert from remote end.
src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java line 820:
> 818: "closing inbound before receiving peer's close_notify");
> 819: }
> 820:
I am a little bit hesitate to close the inbound silently, especially when it is a layered socket and the write side does not stop write yet. The shutdownInput() is used to Unsupported UnsupportedOperationException, and allowed to throw IOException. I think application may be able to handle it properly already.
Instead, maybe we could put the block (line 821-824) in a finalize block so that the input get closed before throwing this exception.
-------------
PR: https://git.openjdk.java.net/jdk/pull/1205
More information about the security-dev
mailing list