JDK-8163419

Final CCS and Finished DTLS messages can't be re-transmitted


    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2
    • Resolution: Delivered
    • Affects Version/s: 9
    • Fix Version/s: 9
    • Component/s: security-libs

      Description

      During a DTLS handshake, if some messages get lost, they should be re-created with new sequence numbers and re-sent.

      This doesn't work for the final CCS and Finished messages. If the final CCS/Finished messages get lost, further calls to SSLEngine.wrap() don't produce new CCS/Finished messages with new sequence numbers. This happens because SSLEngine switches to the NOT_HANDSHAKING state and expects application data. As a result, new CCS/Finished messages can't be generated.

      There is a workaround which may work sometimes (not sure about all DTLS implementations): the final CCS/Finished messages can be stored and re-sent if necessary. But in this case, messages with old sequence numbers are re-sent, which violates the DTLS spec.
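      The retransmission loop the description refers to, as an added illustration (this is not code from the bug report or from the JDK): a small helper that drains a flight from a DTLS SSLEngine, re-calls wrap() when a retransmission timer fires, and falls back to the cached-records workaround when the engine already reports NOT_HANDSHAKING. The class and method names are made up for this example; it assumes the JDK 9 DTLS engine ("DTLS" SSLContext, one record per wrap() call, and wrap() re-producing the previous flight while the engine still reports NEED_UNWRAP, as described in JEP 219).

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLException;

/** Produces and retransmits DTLS handshake flights from an SSLEngine (illustrative helper). */
public final class DtlsFlightSender {

    /** Records of the most recently produced flight, kept only for the final-flight workaround. */
    private final List<byte[]> lastFlight = new ArrayList<>();

    /** Runs delegated tasks so that wrap() can make progress. */
    private static void runTasks(SSLEngine engine) {
        Runnable task;
        while ((task = engine.getDelegatedTask()) != null) {
            task.run();
        }
    }

    /**
     * Drains the records the engine currently wants to send. The DTLS engine yields
     * at most one datagram-sized record per wrap() call, so loop until it produces
     * nothing or stops reporting NEED_WRAP.
     */
    public List<byte[]> produceFlight(SSLEngine engine) throws SSLException {
        List<byte[]> flight = new ArrayList<>();
        ByteBuffer noAppData = ByteBuffer.allocate(0);
        while (true) {
            if (engine.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
                runTasks(engine);
            }
            ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
            SSLEngineResult result = engine.wrap(noAppData, out);
            if (result.bytesProduced() == 0) {
                break;
            }
            out.flip();
            byte[] record = new byte[out.remaining()];
            out.get(record);
            flight.add(record);
            if (result.getHandshakeStatus() != HandshakeStatus.NEED_WRAP) {
                break;
            }
        }
        if (!flight.isEmpty()) {
            lastFlight.clear();
            lastFlight.addAll(flight);
        }
        return flight;
    }

    /**
     * Called when the retransmission timer fires. While the engine is still
     * handshaking, another wrap() regenerates the last flight with fresh record
     * sequence numbers. Once the engine has sent its final CCS/Finished it reports
     * NOT_HANDSHAKING and regenerates nothing (the behaviour this bug describes),
     * so the cached records are re-sent instead. Those records still carry their
     * old sequence numbers, which is the spec violation the report points out.
     */
    public List<byte[]> retransmit(SSLEngine engine) throws SSLException {
        if (engine.getHandshakeStatus() == HandshakeStatus.NOT_HANDSHAKING) {
            return new ArrayList<>(lastFlight);
        }
        return produceFlight(engine);
    }

    /** Offline demo: a client engine's first flight (ClientHello) needs no peer. */
    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("DTLS");
        ctx.init(null, null, null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        engine.beginHandshake();

        DtlsFlightSender sender = new DtlsFlightSender();
        List<byte[]> first = sender.produceFlight(engine);
        System.out.println("first flight: " + first.size() + " record(s), status "
                + engine.getHandshakeStatus());

        // Simulated timer expiry: the engine is still NEED_UNWRAP, so wrap() re-creates the flight.
        List<byte[]> again = sender.retransmit(engine);
        System.out.println("retransmitted: " + again.size() + " record(s)");
    }
}
```

      The demo only exercises the normal path, since reaching the final flight requires a peer. In a real exchange the NOT_HANDSHAKING branch is the one that matters: after the engine has emitted its final CCS/Finished, nothing in the API tells the caller whether the peer received them, so the application has to decide on its own (for example, on a timer with no application data arriving) whether to re-send the cached records.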


              People

              Assignee:
              xuelei Xuelei Fan
              Reporter:
              asmotrak Artem Smotrakov