Socket read timeout resulting in fatal tls alert in jdk 11

BHARATH P G barath.pg67 at gmail.com
Thu Feb 6 06:05:11 UTC 2020


Thanks Xuelei, can you share with us any tracking bug related to this?

I also would like to highlight that both oracle JDK11 and OpenJDK 11 are
behaving the same way, we confirmed it with multiple runs on both oracle
JDK11 and openjdk11, i.e tls fatal alert raised on ssl socket read timeout
exception, and this wasn't the behavior with jdk8.

Thanks,
Bharath


On Mon, 3 Feb 2020 at 22:39, Xuelei Fan <xuelei.fan at oracle.com> wrote:

> On 2/3/2020 1:30 AM, BHARATH P G wrote:
> > Sorry we attached logs from OracleJRE11 run.
> >
> > We are attaching here logs from openjdk 11.
> >
> Thanks!
>
> > Looks like there is a gap between openjdk11 and OracleJDK11, in
> > openjdk11 we could see tls1.2 alert(unexpected_message) after socket
> > read timeout.
> >
> I agreed there is a gap.  OpenJDK may want to fix the issue.
>
> Regards,
> Xuelei
>
> > Thanks,
> > Bharath
> >
> > On Mon, 3 Feb 2020 at 11:46, Xuelei Fan <xuelei.fan at oracle.com
> > <mailto:xuelei.fan at oracle.com>> wrote:
> >
> >     Per the attached debug log, it looks like that the exception is
> closure
> >     failure, but not the timeout exception.  Did I missed something?
> >
> >     Thanks & Regards,
> >     Xuelei
> >
> >     On 2/2/2020 9:48 PM, BHARATH P G wrote:
> >      > Hi,
> >      >
> >      > We are hitting following issue with openjdk11.
> >      >
> >      > Issue description:
> >      >
> >      > If there is socket read timeout exception, jdk11 is sending tls
> >     fatal
> >      > alert causing client to close the socket connection. This was not
> >     the
> >      > behavior with jdk8.
> >      >
> >      > Below is the ssl debug logs with jdk11(complete log is available
> >     in the
> >      > attachment):
> >      >
> >      > javax.net.ssl|ERROR|01|main|2020-01-31 11:59:34.843
> >      > IST|TransportContext.java:312|Fatal (UNEXPECTED_MESSAGE): Read
> >     timed out (
> >      >
> >      > "throwable" : {
> >      >
> >      > java.net <http://java.net>.SocketTimeoutException: Read timed out
> >      >
> >      >          at java.base/java.net
> >     <http://java.net>.SocketInputStream.socketRead0(Native Method)
> >      >
> >      >          at
> >      > java.base/java.net
> >     <http://java.net
> >.SocketInputStream.socketRead(SocketInputStream.java:115)
> >      >
> >      >          at
> >      > java.base/java.net
> >     <http://java.net>.SocketInputStream.read(SocketInputStream.java:168)
> >      >
> >      >          at
> >      > java.base/java.net
> >     <http://java.net>.SocketInputStream.read(SocketInputStream.java:140)
> >      >
> >      >          at
> >      >
> >
>  java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:448)
> >      >
> >      >          at
> >      >
> >
>  java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:165)
> >      >
> >      >          at
> >      >
> java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
> >      >
> >      >          at
> >      >
> >
>  java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
> >      >
> >      >          at
> >      >
> >
>  java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
> >      >
> >      >          at
> >      >
> >
>  java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
> >      >
> >      >          at
> >      >
> >
>  java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:716)
> >      >
> >      >          at
> >      >
> >
>  java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:799)
> >      >
> >      >          at
> >      >
> java.base/sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
> >      >
> >      >          at
> >      >
> java.base/sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
> >      >
> >      >          at
> >     java.base/sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
> >      >
> >      >          at
> >      > java.base/java.io
> >     <http://java.io>.InputStreamReader.read(InputStreamReader.java:185)
> >      >
> >      >          at java.base/java.io
> >     <http://java.io>.BufferedReader.fill(BufferedReader.java:161)
> >      >
> >      >          at
> >      > java.base/java.io
> >     <http://java.io>.BufferedReader.readLine(BufferedReader.java:326)
> >      >
> >      >          at
> >      > java.base/java.io
> >     <http://java.io>.BufferedReader.readLine(BufferedReader.java:392)
> >      >
> >      >          at SimpleClient.startClient(SimpleClient.java:29)
> >      >
> >      >          at SimpleClient.main(SimpleClient.java:36)}
> >      >
> >      > )
> >      >
> >      > javax.net.ssl|DEBUG|01|main|2020-01-31 11:59:34.846
> >      > IST|SSLSocketOutputRecord.java:71|WRITE: TLS12
> >      > alert(unexpected_message), length = 2
> >      >
> >      > For reference I have attached sample client and server to repro
> the
> >      > issue and also ssl debug in the attachment.
> >      >
> >      > Thanks,
> >      >
> >      > Bharath
> >      >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20200206/c77ddc5d/attachment.htm>


More information about the security-dev mailing list