JDK-8163419

Final CCS and Finished DTLS messages can't be re-transmitted

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2
    • Resolution: Delivered
    • Affects Version/s: 9
    • Fix Version/s: 9
    • Component/s: security-libs

      Description

      During a DTLS handshake, if some messages get lost, they should be re-created with new sequence numbers and re-sent.

      This doesn't work for the final CCS and Finished messages. If the final CCS/Finished messages get lost, further calls to SSLEngine.wrap() don't produce new CCS/Finished messages with new sequence numbers. This happens because SSLEngine switches to the NOT_HANDSHAKING state and expects application data. As a result, new CCS/Finished messages can't be generated.

      There is a workaround which may work sometimes (not sure about all DTLS implementations): the final CCS/Finished messages can be stored and re-sent if necessary. But in this case, messages with old sequence numbers are re-sent, which violates the DTLS spec.
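      The following model is added here to show why the stored-records workaround only "may work sometimes"; it is not JDK code and does not use SSLEngine. It follows RFC 6347: record sequence numbers are kept per epoch and never reused (section 4.1), a receiver may discard duplicate records with a sliding replay window (section 4.1.2.6), and a retransmitted handshake message keeps its message_seq (section 4.2.2). No crypto is modelled, and the message_seq value and Finished body are constructed placeholders. The two scenarios are: the peer lost the final flight itself, and the peer received it but its reply was lost. Replaying the cached records with their old sequence numbers only recovers the first case; in the second, a replay-window receiver drops every record and the handshake stalls, whereas fresh records with the same message_seq let the peer recognise the retransmission and resend its own flight.

```python
"""Model of DTLS final-flight retransmission (added illustration, not JDK code)."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

WINDOW = 64  # replay-window width in records, as suggested by RFC 6347 4.1.2.6


@dataclass(frozen=True)
class Record:
    epoch: int
    seq: int                    # record sequence number, unique within an epoch
    ctype: str                  # "change_cipher_spec" or "handshake"
    message_seq: Optional[int]  # handshake message_seq; None for CCS
    body: bytes


class Sender:
    """Record layer with one write sequence counter per epoch."""

    def __init__(self) -> None:
        self.epoch = 0
        self.next_seq: dict[int, int] = {0: 0}
        self.cached: list[Record] = []
        self.finished: Optional[tuple[int, bytes]] = None

    def _emit(self, epoch: int, ctype: str, mseq: Optional[int], body: bytes) -> Record:
        seq = self.next_seq.setdefault(epoch, 0)
        self.next_seq[epoch] = seq + 1      # a sequence number is never reused
        return Record(epoch, seq, ctype, mseq, body)

    def final_flight(self, message_seq: int, finished: bytes) -> list[Record]:
        """CCS goes out in the current epoch, Finished in the new one."""
        ccs = self._emit(self.epoch, "change_cipher_spec", None, b"\x01")
        self.epoch += 1
        fin = self._emit(self.epoch, "handshake", message_seq, finished)
        self.finished = (message_seq, finished)
        self.cached = [ccs, fin]
        return self.cached

    def retransmit_replay(self) -> list[Record]:
        """The workaround from the report: resend the stored records unchanged."""
        return list(self.cached)

    def retransmit_fresh(self) -> list[Record]:
        """Spec behaviour: same messages, new records with new sequence numbers."""
        message_seq, finished = self.finished
        ccs = self._emit(self.epoch - 1, "change_cipher_spec", None, b"\x01")
        fin = self._emit(self.epoch, "handshake", message_seq, finished)
        return [ccs, fin]


class Receiver:
    """Record layer with a sliding replay window; handshake-layer dedup above it."""

    def __init__(self) -> None:
        self.highest: dict[int, int] = {}       # highest seq accepted, per epoch
        self.seen: dict[int, set[int]] = {}     # seqs inside the window, per epoch
        self.handshake_seen: set[int] = set()   # message_seq values already processed

    def _accept(self, r: Record) -> bool:
        top = self.highest.get(r.epoch, -1)
        seen = self.seen.setdefault(r.epoch, set())
        if r.seq <= top - WINDOW or r.seq in seen:
            return False                        # too old or a duplicate: drop
        seen.add(r.seq)
        if r.seq > top:
            self.highest[r.epoch] = r.seq
            seen.difference_update({s for s in seen if s <= r.seq - WINDOW})
        return True

    def deliver(self, flight: list[Record]) -> str:
        """Report what the handshake layer concludes from one received flight."""
        passed = [r for r in flight if self._accept(r)]
        if not passed:
            return "dropped_by_replay_window"   # handshake layer never sees it
        new = False
        for r in passed:
            if r.ctype == "handshake" and r.message_seq not in self.handshake_seen:
                self.handshake_seen.add(r.message_seq)
                new = True
        # Only already-processed messages: the peer missed our reply, so we resend it.
        return "processed" if new else "duplicate_flight_retransmit_own"


def scenario(receiver_got_original: bool, strategy: str) -> str:
    """Lose either the flight or the reply to it, then retransmit one way."""
    s, r = Sender(), Receiver()
    flight = s.final_flight(message_seq=3, finished=b"constructed-finished-body")
    if receiver_got_original:
        r.deliver(flight)       # the reply to this flight is what got lost
    again = s.retransmit_replay() if strategy == "replay" else s.retransmit_fresh()
    return r.deliver(again)


def reuses_sequence_numbers(first: list[Record], second: list[Record]) -> bool:
    """True when a retransmission reuses (epoch, seq) pairs, which RFC 6347 forbids."""
    return bool({(r.epoch, r.seq) for r in first} & {(r.epoch, r.seq) for r in second})


if __name__ == "__main__":
    for got, how in [(True, "replay"), (True, "fresh"), (False, "replay"), (False, "fresh")]:
        print(f"peer had original={got!s:5} retransmit={how:6} -> {scenario(got, how)}")
```

      Running the block prints the four combinations; the replay strategy reports dropped_by_replay_window when the peer already had the flight, and reuses_sequence_numbers() flags that strategy as non-compliant even in the case where it happens to get through.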

              People

              • Assignee: Xue-Lei Fan (xuelei)
              • Reporter: Artem Smotrakov (asmotrak)