SSLSocketImpl improperly wraps SocketException in SSLProtocolException

Xuelei Fan Xuelei.Fan at Oracle.Com
Wed Nov 21 19:06:22 UTC 2018


Thanks for reporting the issue.  Did you have the thread stacks of the unexpected exception?  

Please file a bug.  I’d appreciate it if there is a reproducible test code.


> On Nov 21, 2018, at 10:31 AM, Oleg Golberg <ogolberg at> wrote:
> Hello,
> I'd like to report a potential SSLSocketImpl bug in OpenJDK-11.
> It appears that the TLS1.3-related work in OpenJDK-11 changed
> SSLSocketImpl.handleException to wrap underlying SocketExceptions in
> SSLProtocolExceptions.
> Specifically, before TLS1.3 changes, handleException simply rethrows
> IOExceptions (here:
> After TLS1.3 changes, handleException pipes a SocketException into
> .fatal(..) and then into Alert.UNEXPECTED_MESSAGE.createSslException which
> ultimately wraps the cause in an SSLProtocolException.
> First, this contradicts the SSLProtocolException javadoc which says that an
> SSLProtocolException "Reports an error in the operation of the SSL
> protocol. Normally this indicates a flaw in one of the protocol
> implementations."
> Additionally, there's existing, widely used code that relies on
> SocketExceptions being rethrown here. A good example is Apache HttpClient
> whose default retry logic excludes all SSLExceptions from being retried
> (see
> ).
> Thanks,
> - Oleg

More information about the jdk-dev mailing list