RFR: 8253368: TLS connection always receives close_notify exception

Sean Coffey coffeys at openjdk.java.net
Tue Dec 22 15:42:56 UTC 2020


On Fri, 13 Nov 2020 14:16:35 GMT, Sean Coffey <coffeys at openjdk.org> wrote:

> Removing the "closing inbound before receiving peer's close_notify" exception that can be seen with the TLS stack if calling close on inbound. After reading the relevant parts of the TLS v1.2/v1.3 RFCs, I believe the local endpoint doesn't have to wait for the close_notify alert from the remote end.

@XueleiFan I went ahead with your advice and chose to keep the check in the code. Since JDK 11, this code path would have thrown an SSLException. I've chosen to keep that instead of introducing another exception (UnsupportedOperationException) -- which would be new for some application stacks. I've looked at the Apache core-http stack and know that it catches and ignores SSLException in these cases.

The important change here is that the exception is not fatal and the session remains valid. The socket is closed out in a finally block. Test case updated also.

-------------

PR: https://git.openjdk.java.net/jdk/pull/1205


