  1. JDK
  2. JDK-8207317

SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy

    Details

    • Subcomponent:
    • Introduced In Build:
      b20
    • Resolved In Build:
      b28


        Description

        I found a difference between JDKb20 and JDKb15 in the timing of the handshake failure when the application protocol negotiation fails.
        Specifically, the behavior change is in when the *SSLHandshakeException* is thrown:

        For TLSv1.2 (with JDKb15), it is thrown immediately when the server encounters the fatal error and *tries to send the fatal error to the peer*.
        For TLSv1.3 or TLSv1.2 (JDKb20), it is thrown after the server *successfully* sends the fatal error and *fails when the client receives the fatal error*.

        For TLSv1.2, in pre-JDKb20 (tested with JDKb15):
        1. Client wraps 264 bytes and goes to NEED_UNWRAP
        2. Server unwraps 264 bytes and goes to NEED_TASK
        3. Server runs delegated tasks and fails with fatal error: no_application_protocol (from logs), but the API from Java does not throw any error yet, and the status changes to NEED_WRAP
        4. Server tries to wrap and the “wrap” call throws SSLHandshakeException: No matching ALPN values

        For TLS 1.3/TLSv1.2 (JDKb20):
        1. Client wraps 437 bytes and goes to NEED_UNWRAP
        2. Server unwraps 437 bytes and goes to NEED_TASK
        3. Server runs delegated tasks and fails with Fatal (NO_APPLICATION_PROTOCOL) (from logs), but the API from Java does not throw any error yet, and the status changes to NEED_WRAP
        4. Server wraps 7 bytes and goes to NOT_HANDSHAKING (overall status to CLOSED) and DOES NOT throw SSLHandshakeException - THIS IS THE CHANGE IN BEHAVIOR FROM TLSv1.2
        5. Client tries to unwrap 7 bytes and the “unwrap” call throws SSLHandshakeException: Received fatal alert: no_application_protocol
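
One way for a server-side handshake loop to detect the failure under both timings described in the report, as an added example that is not part of the original report or of the JDK. `HandshakeWrapStep`, `wrapOnce` and `Outcome` are hypothetical names, and the helper assumes it is called only for a NEED_WRAP step while the initial handshake is still in progress.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLEngineResult.Status;
import javax.net.ssl.SSLException;

/** Hypothetical helper: one NEED_WRAP step of a server-side SSLEngine handshake. */
public final class HandshakeWrapStep {

    public enum Outcome { CONTINUE, ESTABLISHED, FAILED }

    private HandshakeWrapStep() { }

    /**
     * Calls wrap() once with no application data. Whatever ends up in netOut
     * (handshake records or a fatal alert) must still be flushed to the peer
     * by the caller, including when the outcome is FAILED.
     */
    public static Outcome wrapOnce(SSLEngine engine, ByteBuffer netOut) {
        ByteBuffer noAppData = ByteBuffer.allocate(0);
        SSLEngineResult result;
        try {
            result = engine.wrap(noAppData, netOut);
        } catch (SSLException e) {
            // Fail-fast timing (step 4 of the JDKb15 trace): wrap() itself
            // throws, e.g. SSLHandshakeException: No matching ALPN values.
            return Outcome.FAILED;
        }
        if (result.getHandshakeStatus() == HandshakeStatus.FINISHED) {
            // This wrap() completed the handshake.
            return Outcome.ESTABLISHED;
        }
        if (result.getStatus() == Status.CLOSED) {
            // Fail-lazy timing (step 4 of the JDKb20 trace): no exception is
            // thrown, but the engine closed before the handshake ever
            // reported FINISHED. Treat this as a handshake failure instead
            // of waiting for an exception that only the peer will see.
            return Outcome.FAILED;
        }
        // OK or BUFFER_OVERFLOW: the caller keeps driving the handshake loop
        // (FINISHED may also be reported later by an unwrap() call).
        return Outcome.CONTINUE;
    }
}
```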
         

                People

                • Assignee:
                  wetmore Bradford Wetmore
                  Reporter:
                  bnallakaluva Bharath Nallakaluva (Inactive)