Details

      Description

      A new system property, `jdk.tls.acknowledgeCloseNotify`, has been added. The default value of the system property is `false`. If the system property is set to `true`, a corresponding `close_notify` alert will be sent when receiving a `close_notify` alert, and the connection will be duplex closed.

      TLS 1.2 and prior versions use a duplex-close policy, while TLS 1.3 uses a half-close policy. The inbound and the outbound `close_notify` alerts for TLS 1.3 are independent. When upgrading to TLS 1.3, unexpected behavior can occur if your application shuts down the (D)TLS connection by using only one of the `SSLEngine.closeInbound()` or `SSLEngine.closeOutbound()` APIs, but not both in each side of the connection. If your application exhibits unexpected hangs or timeouts when the underlying (D)TLS transportation is not duplex closed, you may need to set this property to `true`.

      Note that when a TLS/DTLS connection is no longer needed, the client and server applications should each close both sides of their respective connection.

        Attachments

          Activity

            People

            • Assignee:
              xuelei Xue-Lei Fan
              Reporter:
              xuelei Xue-Lei Fan
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: