OpenJDK11u: Backward incompatible behavior

Alexey Bakhtin alexey at azul.com
Mon Feb 24 19:04:02 UTC 2020


Hi Xuelei,

Thank you. It would be glad if you can review this fix.
The patch almost cleanly applied to JDK15.
Also, As Kumar mentioned, the patch does not include regression test.
I’m going to add regression test and patch for JDK15 tomorrow.

Thank you.
Alexey

> On 24 Feb 2020, at 21:41, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> 
> Hi Alexey,
> 
> Thanks for working on this issue.  Do you plan to fix it for JDK 15, the current JDK reposiroty?
> 
> I need more time for evaluate the fix.  For example, I'm not sure if we could always throw InterruptedIOException to applications, even for getSession().
> 
> Regards,
> Xuelei
> 
> On 2/24/2020 7:58 AM, Alexey Bakhtin wrote:
>> Hello,
>> I have been working on this issue for some time already.
>> The patch below adds  java.net.SocketTimeoutException handling during TLS handshake negotiation. This functionality seems to have been missed during the TLSv1.3 implementation ( JDK-8196584 )
>> Tested with JDK11 and higher.
>> JDK11 webrev: http://cr.openjdk.java.net/~yan/8239788/webrev.0/
>> jbs: https://bugs.openjdk.java.net/browse/JDK-8239798 and https://bugs.openjdk.java.net/browse/JDK-8239788
>> Thank you,
>> Alexey
>>> On 22 Feb 2020, at 15:00, security-dev-request at openjdk.java.net <mailto:security-dev-request at openjdk.java.net> wrote:
>>> 
>>> I will look into the issue.
>>> 
>>> BTW, I closed JDK-8239788 as duplicate of JDK-8239798.
>>> 
>>> Thanks,
>>> Xuelei
>>> 
>>> On 2/21/2020 9:24 AM, Kumar Srinivasan wrote:
>>>> Hi security-folk,
>>>> 
>>>> At VMware while upgrading our application to OpenJDK11u, we have
>>>> encountered what seems to be a serious behavior issue.
>>>> The issue AFAICT seems to have stemmed from the work for TLS1.3 and
>>>> JDK-8196584 <https://bugs.openjdk.java.net/browse/JDK-8196584>.
>>>> 
>>>> Overview:
>>>> With OpenJDK11 the end-points are closed immediately with TLS alerts
>>>> raised when an exception is received.
>>>> This is not the case with JDK8 the socket is not closed allowing retries.
>>>> 
>>>> I have filed: JDK-8239798 (with a reproducer), this issue was also
>>>> reported ?to Azul and they have filed: JDK-8239788.
>>>> 
>>>> Can you please evaluate this at the earliest, this is a serious show
>>>> stopper for VMware.
>>>> 
>>>> Thank
>>>> Kumar Srinivasan
>>>> VMware
>>> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://mail.openjdk.java.net/pipermail/security-dev/attachments/20200224/fd8b9c1d/signature.asc>


More information about the security-dev mailing list