Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8241453

Document the jdk.tls.acknowledgeCloseNotify property

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 14.0.1
    • Component/s: docs
    • Labels:

      Backports

        Description

        Document the jdk.tls.acknowledgeCloseNotify property in the JSSE Reference Guide:

        jdk.tls.acknowledgeCloseNotify

        New section: Specifying that close_notify Alert Is Sent When One Is Received

        Default value: false

        Notes: If the system property is set to true, then when the client or server receives a close_notify alert, it sends a corresponding close_notify alert and the connection is duplex closed.

        Specifying that close_notify Alert Is Sent When One Is Received

        If the jdk.tls.acknowledgeCloseNotify system property is set to true, then when the client or server receives a close_notify alert, it sends a corresponding close_notify alert and the connection is duplex closed.

        TLS 1.2 and earlier versions use a duplex-close policy. However, TLS 1.3 uses a half-close policy, which means that the inbound and the outbound close_notify alerts are independent. When upgrading to TLS 1.3, unexpected behavior can occur if your application shuts down the TLS/DTLS connection by using only one of the SSLEngine.closeInbound() or SSLEngine.closeOutbound() methods but not both on each side of the connection. If your application unexpectedly hangs or times out when the underlying TLS/DTLS transportation is not duplex closed, you may need to set this property to true.

        Note that when a TLS/DTLS connection is no longer needed, the client and server applications should each close both sides of their respective connection.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  rgallard Raymond Gallardo
                  Reporter:
                  rgallard Raymond Gallardo
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: