SSLSocketImpl improperly wraps SocketException in SSLProtocolException
ogolberg at toasttab.com
Thu Nov 22 17:52:53 UTC 2018
Doesn't look like https://bugs.openjdk.java.net allows anonymous bug
reports. Is there somewhere else I should file this?
I have repro tests here:
On Wed, Nov 21, 2018 at 2:08 PM Xuelei Fan <Xuelei.Fan at oracle.com> wrote:
> Thanks for reporting the issue. Did you have the thread stacks of the
> unexpected exception?
> Please file a bug. I’d appreciate it if there is a reproducible test code.
> > On Nov 21, 2018, at 10:31 AM, Oleg Golberg <ogolberg at toasttab.com>
> > Hello,
> > I'd like to report a potential SSLSocketImpl bug in OpenJDK-11.
> > It appears that the TLS1.3-related work in OpenJDK-11 changed
> > SSLSocketImpl.handleException to wrap underlying SocketExceptions in
> > SSLProtocolExceptions.
> > Specifically, before TLS1.3 changes, handleException simply rethrows
> > IOExceptions (here:
> > After TLS1.3 changes, handleException pipes a SocketException into
> > .fatal(..) and then into Alert.UNEXPECTED_MESSAGE.createSslException
> > ultimately wraps the cause in an SSLProtocolException.
> > First, this contradicts the SSLProtocolException javadoc which says that
> > SSLProtocolException "Reports an error in the operation of the SSL
> > protocol. Normally this indicates a flaw in one of the protocol
> > implementations."
> > Additionally, there's existing, widely used code that relies on
> > SocketExceptions being rethrown here. A good example is Apache HttpClient
> > whose default retry logic excludes all SSLExceptions from being retried
> > (see
> > ).
> > Thanks,
> > - Oleg
More information about the jdk-dev