Bug / performance problem in changeCipherSuite

Xuelei Fan xuelei.fan at oracle.com
Fri Oct 22 17:28:51 UTC 2021


Hi Daniel,

Thank you for the nice catch!  I filed a JBS bug:
    https://bugs.openjdk.java.net/browse/JDK-8275811

It would be nice if you could also update similar issues in (DTLS)OutRecord files.

Thanks,
Xuelei

On Oct 22, 2021, at 8:14 AM, Daniel Jeliński <djelinski1 at gmail.com> wrote:

Hi all,
During routine examination of thread dumps I noticed a stack trace you
may find interesting. Relevant part:

  java.lang.Thread.State: RUNNABLE
...
at java.lang.IllegalStateException.<init>(java.base@11.0.11/Unknown Source)
at javax.crypto.Cipher.checkCipherState(java.base@11.0.11/Unknown Source)
at javax.crypto.Cipher.doFinal(java.base@11.0.11/Unknown Source)
at sun.security.ssl.SSLCipher$T12GcmReadCipherGenerator$GcmReadCipher.dispose(java.base@11.0.11/Unknown Source)
at sun.security.ssl.InputRecord.changeReadCiphers(java.base@11.0.11/Unknown Source)
at sun.security.ssl.ChangeCipherSpec$T10ChangeCipherSpecConsumer.consume(java.base@11.0.11/Unknown Source)
...

All handshakes that negotiate GCM ciphers throw and catch an
exception, because the newly created cipher is disposed before use.

I believe this is caused by this line of code:
https://github.com/openjdk/jdk/blob/739769c8fc4b496f08a92225a12d07414537b6c0/src/java.base/share/classes/sun/security/ssl/InputRecord.java#L125

I think it should read as follows:
this.readCipher.dispose();

I can file a PR, just need help with JBS ID.
Regards,
Daniel
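
The pattern described in the report above, as an added, self-contained model; it is not code from the JDK or from either poster. It assumes, from the suggested fix and the stack trace, that a method parameter shadows the readCipher field and that dispose() calls Cipher.doFinal() and swallows the result; the ReadCipher and Record classes, their method names and the all-zero key and IV are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class DisposeOrderDemo {
    // Model of a GCM read cipher: created up front, initialized only once used.
    static final class ReadCipher {
        final Cipher cipher;
        boolean disposedUninitialized;
        ReadCipher(boolean used) throws Exception {
            cipher = Cipher.getInstance("AES/GCM/NoPadding");
            if (used) { // constructed all-zero key and IV stand in for real traffic
                cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(new byte[16], "AES"),
                        new GCMParameterSpec(128, new byte[12]));
            }
        }
        void dispose() {
            try {
                cipher.doFinal();
            } catch (IllegalStateException e) {
                disposedUninitialized = true; // cipher was never initialized
            } catch (Exception e) {
                // any other failure is swallowed as well
            }
        }
    }
    static final class Record {
        ReadCipher readCipher;
        Record(ReadCipher initial) { readCipher = initial; }
        void changeShadowed(ReadCipher readCipher) {
            readCipher.dispose();          // unqualified name: the NEW cipher
            this.readCipher = readCipher;
        }
        void changeQualified(ReadCipher readCipher) {
            this.readCipher.dispose();     // field: the OLD cipher
            this.readCipher = readCipher;
        }
    }
    static boolean newCipherThrew(boolean qualified) throws Exception {
        ReadCipher next = new ReadCipher(false);
        Record r = new Record(new ReadCipher(true));
        if (qualified) r.changeQualified(next); else r.changeShadowed(next);
        return next.disposedUninitialized;
    }
    public static void main(String[] args) throws Exception {
        System.out.println("shadowed:  exception on new cipher = " + newCipherThrew(false));
        System.out.println("qualified: exception on new cipher = " + newCipherThrew(true));
    }
}
```

In the shadowed variant the old cipher is never disposed at all, so the cleanup the call was meant to perform is skipped in addition to the exception being thrown and swallowed.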
