[jira] [Commented] (HTTPCORE-571) SSLSocket input / output closing causes issues with TLSv1.3 SSLEngine

Tue, 12 Feb 2019 07:31:10 -0800 


    [ 
https://issues.apache.org/jira/browse/HTTPCORE-571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16766150#comment-16766150
 ] 

Jay Modi commented on HTTPCORE-571:
-----------------------------------

[~olegk] thanks for looking at this and following up. I did report it and it 
was suggested that it is a bug on their end, see 
[http://mail.openjdk.java.net/pipermail/security-dev/2019-February/019301.html].
 The bug referenced is not public though. I completely agree that the code in 
the classic connections should work and there is not a bug there; I opened this 
issue as a discussion to see if it would be possible to add this workaround for 
a broken JDK; I think it is perfectly acceptable to say no (hence labeling as a 
improvement rather than a bug).

My reasoning for suggesting this is that we should expect sockets, especially 
ssl sockets, to handle closing properly when the close method is called and 
shouldn't need to manually shutdown inputs and outputs. Maybe there are some 
cases I do not know of where this needs to be done manually?

> SSLSocket input / output closing causes issues with TLSv1.3 SSLEngine
> ---------------------------------------------------------------------
>
>                 Key: HTTPCORE-571
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-571
>             Project: HttpComponents HttpCore
>          Issue Type: Improvement
>          Components: HttpCore
>    Affects Versions: 4.4.11
>            Reporter: Jay Modi
>            Priority: Major
>
> I've been doing some testing with TLSv1.3 and came across some interesting 
> behavior in the OpenJDK SSLEngine running in server mode and being accessed 
> with HttpClient. The server side winds up in a loop trying to wrap data to 
> send the close. I tracked down the trigger for the issue to the shutdown of 
> the input and output on the socket manually before closing. I'll also be 
> reporting this on the OpenJDK mailing list as that's where the real issue is.
>  
> However, I'm wondering if as an improvement the close() method of 
> BHttpConnectionBase could special case SSLSocket? I came across HTTPCORE-22, 
> which mentions that this would throw an UnsupportedOperationException in some 
> JDKs when used with a SSLSocket, so maybe just doing an instanceof check and 
> calling close() if it is an SSLSocket might be best?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to