RFR: 8328608: Multiple NewSessionTicket support for TLS
Anthony Scarpino
ascarpino at openjdk.org
Fri Jun 14 16:47:17 UTC 2024
On Fri, 14 Jun 2024 16:18:07 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java line 388:
>>
>>> 386: /*
>>> 387: * This thread addresses a Windows only networking issue found with
>>> 388: * SSLSocketBruteForceClose. A client that quickly closes after
>>
>> Thanks for bringing it up. Using a thread to delay sending the messages only hides the problem; if the client closes the connection without reading the NST messages, the connection will be reset. Should we work on a proper fix instead?
>
> And your suggestion would be?
This is a low level networking error beyond my control. All this code can do is accept that the operating system has sent it a fatal error that has blocked the servers ability to read data from the socket on data that was by the client already. This data is no lost, which is not a good situation to be in. Catching the exception doesn't resolved the lost data. A similar situation has occurred before with [JDK-8235973](https://bugs.openjdk.org/browse/JDK-8235973). Their solution does not fit here as this is during a normal read operation, but shows working around the issue was necessary.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19465#discussion_r1640105232
More information about the security-dev
mailing list