JDK-8209893

SSLSocket weird behavior in JDK 11+27

    Details

    • Type: Bug
    • Status: Open
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: 11
    • Fix Version/s: tbd
    • Component/s: security-libs
    • Introduced In Build: b27
    • Introduced In Version: 11

      Description

      Reported in OpenJDK
          http://mail.openjdk.java.net/pipermail/security-dev/2018-August/017985.html
      --------------------------------------
      SSLSocket is behaving weirdly in 11+27.
      In particular:

      * Set up an SSLServerSocket.
      * Connect with a normal Socket (rawClient).
      * Wrap rawClient into an SSLSocket (sslClient).
      * sslClient.startHandshake()

      Now a few cases:

      A) immediate rawClient.close()
      If the server is reading via InputStream.read(), then it reads -1.
      But if the server reads via InputStream.read(byte[]), then
      SSLProtocolException is thrown.
      I believe the second behavior is correct, as the client does not send
      the close_notify, so the server should throw?

      B) sslClient writes data + rawClient.close()
      The server correctly reads the data, then reads -1, both with read()
      and read(byte[]).
      I believe this is wrong as close_notify is not sent by the client.

      Running the example with JDK 10 always produces no exceptions and
      always reads -1.

      Below you can find a reproducible case.

      Thanks!

      ----

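          import java.io.IOException;
          import java.io.OutputStream; // needed only when the case B lines are uncommented
          import java.net.Socket;
          import java.util.concurrent.CountDownLatch;
          import java.util.concurrent.TimeUnit;
          import javax.net.ssl.SSLContext;
          import javax.net.ssl.SSLServerSocket;
          import javax.net.ssl.SSLSocket;

          // Imports and class wrapper added so the reproducer compiles; the class name is arbitrary.
          public class SSLSocketRawClose
          {
              // __sslCtxFactory is the reporter's own fixture and is not shown in the report.
              // It must supply an SSLContext with a server key that the client side trusts.
              public static void main(String[] args) throws Exception
              {
                  SSLContext sslContext = __sslCtxFactory.getSslContext();
                  int port = 8443;
                  try (SSLServerSocket sslServer =
                      (SSLServerSocket)sslContext.getServerSocketFactory().createServerSocket(port))
                  {
                      // Plain TCP connection, then layered with TLS (autoClose = false).
                      Socket rawClient = new Socket("localhost", port);
                      SSLSocket sslClient =
                          (SSLSocket)sslContext.getSocketFactory().createSocket(rawClient, "localhost", port, false);

                      SSLSocket socket = (SSLSocket)sslServer.accept();

                      // Server side: read until EOF or an exception, then release the latch.
                      CountDownLatch latch = new CountDownLatch(1);
                      new Thread(() ->
                      {
                          try
                          {
                              while (true)
                              {
                                  // Case A variant: swap the read() below for these two lines to use read(byte[]).
                                  // byte[] buffer = new byte[1024];
                                  // int read = socket.getInputStream().read(buffer);
                                  int read = socket.getInputStream().read();
                                  System.err.println("read = " + read);
                                  if (read < 0)
                                      break;
                              }
                          }
                          catch (IOException x)
                          {
                              x.printStackTrace();
                          }
                          finally
                          {
                              latch.countDown();
                          }
                      }).start();

                      sslClient.startHandshake();

                      // Case B: uncomment to write data before the raw close.
                      // OutputStream output = sslClient.getOutputStream();
                      // output.write(0);
                      // output.flush();

                      // Raw close: the TCP socket is closed without sending close_notify.
                      rawClient.close();

                      latch.await(10, TimeUnit.SECONDS);
                  }
              }
          }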

            People

            • Assignee: jnimeh Jamil Nimeh
            • Reporter: xuelei Xue-Lei Fan