JDK-8207177

Close_notify should be consumed



      Reported in OpenJDK, http://mail.openjdk.java.net/pipermail/security-dev/2018-July/017571.html:
      I would like to report also the weird behavior during the close handshake (i.e. when one side decides to close the connection).

      1. client.closeOutbound() then goes into NEED_WRAP.
      2. Client wraps 24 bytes, result is CLOSED, then goes into NOT_HANDSHAKING (?)
      3. Server unwraps 24 bytes, result is CLOSED, then goes into NEED_WRAP.
      4. Server wraps 24 bytes, result is CLOSED, then goes into NOT_HANDSHAKING.
      5. Client unwraps 0 bytes (?)

      I think at step 2 the client should go into NEED_UNWRAP to read (at step 5) the server response to the close_notify.
      Instead, at step 5 the client unwraps 0 bytes so we are left with those 24 bytes from the server that applications need to discard.

      Also, I am not sure that the wrap result at steps 2 and 3 should be CLOSED, perhaps OK is better?
      The server is actually closed at step 4, and the client at step 5. However, this is a minor issue.

      If the peer sends the close_notify, unwrap() should be able to consume the bytes (#5 above). The NEED_WRAP handshake status after the CLOSED status does not sound right either.
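The close sequence in steps 1-5 can be replayed in memory to see what a given JDK build returns at each call. This is an added example, not code from the report or from the JDK; `CloseTrace`, `trace` and `step` are hypothetical names, and it assumes the two `SSLEngine` instances passed in have already completed a handshake with each other.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLException;

/** Added example; CloseTrace, trace and step are hypothetical names, not JDK code. */
public final class CloseTrace {
    private static final ByteBuffer EMPTY = ByteBuffer.allocate(0);

    /**
     * Replays steps 1-5 of the report and records what each call returns.
     * Assumption: client and server have already handshaken with each other.
     */
    public static List<String> trace(SSLEngine client, SSLEngine server) throws SSLException {
        List<String> log = new ArrayList<>();
        ByteBuffer c2s = ByteBuffer.allocate(client.getSession().getPacketBufferSize());
        ByteBuffer s2c = ByteBuffer.allocate(server.getSession().getPacketBufferSize());
        ByteBuffer app = ByteBuffer.allocate(Math.max(
                client.getSession().getApplicationBufferSize(),
                server.getSession().getApplicationBufferSize()));

        client.closeOutbound();                                   // step 1
        log.add("1 client closeOutbound -> " + client.getHandshakeStatus());
        log.add(step("2 client wrap", client.wrap(EMPTY, c2s)));  // client close_notify
        c2s.flip();
        log.add(step("3 server unwrap", server.unwrap(c2s, app)));
        if (server.getHandshakeStatus() != HandshakeStatus.NEED_WRAP) {
            server.closeOutbound(); // engine did not queue its own reply; request it
        }
        log.add(step("4 server wrap", server.wrap(EMPTY, s2c)));  // server close_notify
        s2c.flip();
        app.clear();
        log.add(step("5 client unwrap", client.unwrap(s2c, app)));

        // leftover > 0 means the client did not consume the server's close_notify.
        log.add("leftover=" + s2c.remaining() + " clientInboundDone=" + client.isInboundDone());
        return log;
    }

    private static String step(String label, SSLEngineResult r) {
        return label + ": status=" + r.getStatus() + " hs=" + r.getHandshakeStatus()
                + " consumed=" + r.bytesConsumed() + " produced=" + r.bytesProduced();
    }
}
```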





              • Assignee:
                xuelei Xue-Lei Fan


                • Created: