- Enhancement
- Resolution: Fixed
- P2
- 5.0u8, 6
- b81
- generic
- generic

Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-2134783 | 5.0u10 | Robert Mckenna | P2 | Resolved | Fixed | b02 |

Paraphrased from customer email:

In com.sun.net.ssl.internal.ssl.Record.java, maxDataSize is defined as 16384 as per the TLS 1.0 RFC (http://www.rfc.net/rfc2246.html Section 6.2.1). However, our partner's system is not compatible with the RFC, sending us 30KB TLS fragments. This incompatibility causes the following exception:

```
javax.net.ssl.SSLProtocolException: Input SSL/TLS record too big: max = 16665 len = 27314
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:770)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:674)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
    at com.facetime.imstack.socket.impl.ssl.SslConnection.socketReadEvent(SslConnection.java:157)
    at com.facetime.imstack.socket.impl.nio.NioConnection.selectedEvent(NioConnection.java:208)
    at com.facetime.imstack.socket.impl.nio.NioDispatcher._processSelected(NioDispatcher.java:148)
    at com.facetime.imstack.socket.impl.nio.NioDispatcher.run(NioDispatcher.java:214)
    at java.lang.Thread.run(Thread.java:595)
```

While this is not a JDK issue, as the JSSE code is correct according to the RFC, it prevents the JDK from interoperating with these non-compliant stacks. The customer requests that the JDK code support interoperability with these stacks, either by being able to specify the maximum record size via a system property or similar, or by having the code dynamically detect incoming packets that are too large and handling them appropriately.
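
The size check behind the exception above, as an added example (not JSSE source and not part of the report): it reads the 5-byte TLS record header from a `ByteBuffer` without consuming it and compares the declared fragment length against the RFC 2246 limits and the 16665 figure from the trace. The class and method names are hypothetical; the breakdown of 16665 as header + 16384 + 256 + 20 and the reading of `len` as header plus fragment are assumptions.

```java
import java.nio.ByteBuffer;

public class TlsRecordSizeCheck {
    static final int HEADER_SIZE = 5;                        // type(1) + version(2) + length(2)
    static final int MAX_PLAINTEXT = 1 << 14;                // 16384, RFC 2246 section 6.2.1
    static final int MAX_CIPHERTEXT = MAX_PLAINTEXT + 2048;  // RFC 2246 section 6.2.3
    // Assumption: 16665 in the exception = header + 16384 + 256 (padding) + 20 (MAC).
    static final int JSSE_MAX_RECORD = HEADER_SIZE + MAX_PLAINTEXT + 256 + 20;

    enum Verdict { NEED_MORE_DATA, NOT_TLS, OK, OVER_JSSE_LIMIT, OVER_RFC_LIMIT }

    /** Inspects the record header at buf.position() without consuming any bytes. */
    static Verdict classify(ByteBuffer buf) {
        if (buf.remaining() < HEADER_SIZE) return Verdict.NEED_MORE_DATA;
        int p = buf.position();
        int type = buf.get(p) & 0xff;
        int major = buf.get(p + 1) & 0xff;
        // The length field is an unsigned 16-bit big-endian integer.
        int fragmentLen = ((buf.get(p + 3) & 0xff) << 8) | (buf.get(p + 4) & 0xff);
        // Content types 20..23: change_cipher_spec, alert, handshake, application_data.
        if (type < 20 || type > 23 || major != 3) return Verdict.NOT_TLS;
        if (fragmentLen > MAX_CIPHERTEXT) return Verdict.OVER_RFC_LIMIT;
        if (HEADER_SIZE + fragmentLen > JSSE_MAX_RECORD) return Verdict.OVER_JSSE_LIMIT;
        return Verdict.OK;
    }

    /** Builds a header-only sample (constructed data, not captured traffic). */
    static ByteBuffer header(int type, int fragmentLen) {
        return ByteBuffer.wrap(new byte[] {
            (byte) type, 3, 1, (byte) (fragmentLen >>> 8), (byte) fragmentLen });
    }

    public static void main(String[] args) {
        // 27309 + 5 header bytes = 27314, assuming "len" in the trace counts the header.
        int[] lengths = { 16384, 16660, 16661, 18432, 27309 };
        for (int len : lengths) {
            System.out.println(len + " -> " + classify(header(23, len)));
        }
        System.out.println("short -> " + classify(ByteBuffer.wrap(new byte[] { 23, 3, 1 })));
    }
}
```

Logging the verdict before calling `SSLEngine.unwrap` records which peer sent the oversized record and by how much, which helps when deciding how far any relaxed limit should be bounded.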

- backported by
  - JDK-2134783 Need adjustable TLS max record size for interoperability with non-compliant stacks (Resolved)
- relates to
  - JDK-8227651 Tests fail with SSLProtocolException: Input record too big (Resolved)