Recent SSLSocket close() @apiNote Changes.
Bradford Wetmore
bradford.wetmore at oracle.com
Thu Mar 3 01:14:48 UTC 2022
Hi Xuelei,
I am working on some close code including the recent PR[1] for:
8282529: Fix API Note in javadoc for javax.net.ssl.SSLSocket
and ran into a change I hadn't noticed before.
     * @apiNote
     * When the connection is no longer needed, the client and server
     * applications should each close both sides of their respective connection.
     * For {@code SSLSocket} objects, for example, an application can call
     * {@link Socket#shutdownOutput()} for output stream close and call
     * {@link Socket#shutdownInput()} for input stream close.
It used to be that just a single SSLSocket.close() was sufficient to
completely shut down the SSLSocket, and under the hood it closed the
output/input in the right order.
I believe this code still closes everything as before, but the updated
@apiNote encourages the user to do a three-part shutdown instead.
    socket.shutdownOutput();
    socket.shutdownInput();
    socket.close(); // mostly repeats of above.
This approach seems unnecessary unless the user is interested in the
TLSv1.3 half-close mode.
What is the rationale for recommending this way of doing closes in
general? Or does this @apiNote need another iteration?
Thanks,
Brad
[1] https://github.com/openjdk/jdk/pull/7648