RFR: 8273553: sun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368 [v3]

Bradford Wetmore wetmore at openjdk.java.net
Tue Mar 29 22:02:36 UTC 2022


> JDK-8253368 changed the behavior of SSLSocket to no longer throw a fatal internal_error (80) and invalidate existing sessions (either completed or under construction) as described in (RFC 4346/TLSv1.1+) if a connection was closed without receiving a close_notify alert from the peer.  
> 
> This change introduces similar behavior to SSLEngine.
> 
> The unit test checks that closing the read(input) sides of the SSLSocket/SSLEngine throws an SSLException, but doesn't invalidate their respective sessions.
> 
> Tier1/2 mach5 tests have been successfully run.

Bradford Wetmore has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 13 additional commits since the last revision:

 - Merge branch 'master' into JDK-8273553
 - Code review comment: enclose conContext.closeInbound() in a try/finally block.
 - Merge branch 'master' into JDK-8273553
 - Merge branch 'master' into JDK-8273553
 - Added SSLSocket bugid since we're actually checking both sides now.
 - I/O Issues, rewrite the I/O section so that early Socket closes don't kill our server-side reads.
 - Merge branch 'master' into JDK-8273553
 - Merge branch 'master' into JDK-8273553
 - Merge
 - Minor test tweaks.
 - ... and 3 more: https://git.openjdk.java.net/jdk/compare/38460839...08d22aee

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/7796/files
  - new: https://git.openjdk.java.net/jdk/pull/7796/files/b2f64d92..08d22aee

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7796&range=02
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7796&range=01-02

  Stats: 65793 lines in 503 files changed: 62965 ins; 887 del; 1941 mod
  Patch: https://git.openjdk.java.net/jdk/pull/7796.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/7796/head:pull/7796

PR: https://git.openjdk.java.net/jdk/pull/7796



More information about the security-dev mailing list