Socket read timeout resulting in fatal tls alert in jdk 11

Xuelei Fan xuelei.fan at oracle.com
Mon Feb 3 17:08:06 UTC 2020


On 2/3/2020 1:30 AM, BHARATH P G wrote:
> Sorry we attached logs from OracleJRE11 run.
> 
> We are attaching here logs from openjdk 11.
> 
Thanks!

> Looks like there is a gap between openjdk11 and OracleJDK11, in 
> openjdk11 we could see tls1.2 alert(unexpected_message) after socket 
> read timeout.
> 
I agreed there is a gap.  OpenJDK may want to fix the issue.

Regards,
Xuelei

> Thanks,
> Bharath
> 
> On Mon, 3 Feb 2020 at 11:46, Xuelei Fan <xuelei.fan at oracle.com 
> <mailto:xuelei.fan at oracle.com>> wrote:
> 
>     Per the attached debug log, it looks like that the exception is closure
>     failure, but not the timeout exception.  Did I missed something?
> 
>     Thanks & Regards,
>     Xuelei
> 
>     On 2/2/2020 9:48 PM, BHARATH P G wrote:
>      > Hi,
>      >
>      > We are hitting following issue with openjdk11.
>      >
>      > Issue description:
>      >
>      > If there is socket read timeout exception, jdk11 is sending tls
>     fatal
>      > alert causing client to close the socket connection. This was not
>     the
>      > behavior with jdk8.
>      >
>      > Below is the ssl debug logs with jdk11(complete log is available
>     in the
>      > attachment):
>      >
>      > javax.net.ssl|ERROR|01|main|2020-01-31 11:59:34.843
>      > IST|TransportContext.java:312|Fatal (UNEXPECTED_MESSAGE): Read
>     timed out (
>      >
>      > "throwable" : {
>      >
>      > java.net <http://java.net>.SocketTimeoutException: Read timed out
>      >
>      >          at java.base/java.net
>     <http://java.net>.SocketInputStream.socketRead0(Native Method)
>      >
>      >          at
>      > java.base/java.net
>     <http://java.net>.SocketInputStream.socketRead(SocketInputStream.java:115)
>      >
>      >          at
>      > java.base/java.net
>     <http://java.net>.SocketInputStream.read(SocketInputStream.java:168)
>      >
>      >          at
>      > java.base/java.net
>     <http://java.net>.SocketInputStream.read(SocketInputStream.java:140)
>      >
>      >          at
>      >
>     java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:448)
>      >
>      >          at
>      >
>     java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:165)
>      >
>      >          at
>      > java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
>      >
>      >          at
>      >
>     java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
>      >
>      >          at
>      >
>     java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
>      >
>      >          at
>      >
>     java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
>      >
>      >          at
>      >
>     java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:716)
>      >
>      >          at
>      >
>     java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:799)
>      >
>      >          at
>      > java.base/sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
>      >
>      >          at
>      > java.base/sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
>      >
>      >          at
>     java.base/sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
>      >
>      >          at
>      > java.base/java.io
>     <http://java.io>.InputStreamReader.read(InputStreamReader.java:185)
>      >
>      >          at java.base/java.io
>     <http://java.io>.BufferedReader.fill(BufferedReader.java:161)
>      >
>      >          at
>      > java.base/java.io
>     <http://java.io>.BufferedReader.readLine(BufferedReader.java:326)
>      >
>      >          at
>      > java.base/java.io
>     <http://java.io>.BufferedReader.readLine(BufferedReader.java:392)
>      >
>      >          at SimpleClient.startClient(SimpleClient.java:29)
>      >
>      >          at SimpleClient.main(SimpleClient.java:36)}
>      >
>      > )
>      >
>      > javax.net.ssl|DEBUG|01|main|2020-01-31 11:59:34.846
>      > IST|SSLSocketOutputRecord.java:71|WRITE: TLS12
>      > alert(unexpected_message), length = 2
>      >
>      > For reference I have attached sample client and server to repro the
>      > issue and also ssl debug in the attachment.
>      >
>      > Thanks,
>      >
>      > Bharath
>      >
> 



More information about the security-dev mailing list