RFR: 8274524: SSLSocket.close() hangs if it is called during the ssl handshake
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Fri Feb 11 00:03:12 UTC 2022
On Thu, 10 Feb 2022 18:19:41 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
> Please review the patch for the JDK-8274524
>
> SSLSocket.close() could cause an intermittent hang of the socket read operation. It happens in case of SO_TIMEOUT is set to 0 (infinite timeout).
> SSLSocket.close() reads from the socket as part of the skip() operation to prevent TCP Connection reset (see JDK-8268965). Socket reads are performed in a loop for small chunks. These read operations could cause a deadlock, in case of SO_TIMEOUT = 0
> I suggest to force non-zero SO_TIMEOUT during the skip() operation to prevent such deadlock
>
> This is a second iteration of review. Previous PR was closed without integration: https://github.com/openjdk/jdk/pull/5760
src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java line 1792:
> 1790: try {
> 1791: if (soTimeout == 0)
> 1792: setSoTimeout(DEFAULT_SKIP_TIMEOUT);
This set will impact the socket overall behavior unexpectedly, not just the close() method.
Maybe, an input stream level synchronization is missed in the SSLSocketInputRecord method, so that logic of deplete could be interrupted.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7432
More information about the security-dev
mailing list