You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2019/02/09 12:35:00 UTC

[jira] [Commented] (HTTPCORE-571) SSLSocket input / output closing causes issues with TLSv1.3 SSLEngine

    [ https://issues.apache.org/jira/browse/HTTPCORE-571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16764129#comment-16764129 ] 

Oleg Kalnichevski commented on HTTPCORE-571:
--------------------------------------------

[~jaymode] I looked at the [close|https://github.com/apache/httpcomponents-core/blob/master/httpcore5/src/main/java/org/apache/hc/core5/http/impl/io/BHttpConnectionBase.java#L239] method implementation in the classic (blocking) connections and I could not see anything wrong there. The method explicitly puts the socket into a half-closed state first by closing the output stream and notifying the opposite endpoint it is not going to send any more data and then closes the input stream and discards any unexpected input from the opposite endpoint. This looks correct to me. The TLSv1.3 close notify handshake should work the same way. What would be the reason for treating TLS/SSL sockets differently?

Oleg

> SSLSocket input / output closing causes issues with TLSv1.3 SSLEngine
> ---------------------------------------------------------------------
>
>                 Key: HTTPCORE-571
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-571
>             Project: HttpComponents HttpCore
>          Issue Type: Improvement
>          Components: HttpCore
>    Affects Versions: 4.4.11
>            Reporter: Jay Modi
>            Priority: Major
>
> I've been doing some testing with TLSv1.3 and came across some interesting behavior in the OpenJDK SSLEngine running in server mode and being accessed with HttpClient. The server side winds up in a loop trying to wrap data to send the close. I tracked down the trigger for the issue to the shutdown of the input and output on the socket manually before closing. I'll also be reporting this on the OpenJDK mailing list as that's where the real issue is.
>  
> However, I'm wondering if as an improvement the close() method of BHttpConnectionBase could special case SSLSocket? I came across HTTPCORE-22, which mentions that this would throw an UnsupportedOperationException in some JDKs when used with a SSLSocket, so maybe just doing an instanceof check and calling close() if it is an SSLSocket might be best?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org