JDK-8130461

HandshakeStatus.NEED_UNWRAP_AGAIN applies only to DTLS


        We may want to consider the spec update request by Red Hat in OpenJDK:

        Subject: New status code in SSLEngineResult.HandshakeStatus
        Date: Wed, 01 Jul 2015 11:45:52 -0500
        From: David M. Lloyd <david.lloyd@redhat.com>
        To: security-dev@openjdk.java.net, Xuelei Fan <xuelei.fan@oracle.com>


        It has caused some consternation among certain of our engineers that
        there is a new possible status code in SSLEngineResult.HandshakeStatus.
        If a new status were generally added, it would cause subtle or not so
        subtle breakage among current SSLEngine consumers.

        I request that it be made more clear in the documentation that the new
        status code applies only to DTLS; something like this:

        diff --git
        a/src/java.base/share/classes/javax/net/ssl/SSLEngineResult.java
        b/src/java.base/share/classes/javax/net/ssl/SSLEngineResult.java
        index e2865e6..5473188 100644
        --- a/src/java.base/share/classes/javax/net/ssl/SSLEngineResult.java
        +++ b/src/java.base/share/classes/javax/net/ssl/SSLEngineResult.java
        @@ -156,6 +156,9 @@ public class SSLEngineResult {
                  * This value is used to indicate that not-yet-interpreted data
                  * has been previously received from the remote side, and does
                  * not need to be received again.
        + * <P>
        + * This result code is only used by DTLS and is not a possible
        + * result for stream-oriented TLS.
                  *
                  * @since 1.9
                  */
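
Review bot: The three added lines (`+ * <P>` through `+ * result for stream-oriented TLS.`) have lost the leading indentation that the surrounding comment lines carry, so their asterisks no longer line up with the `* This value is used to indicate ...` context. The hunk looks whitespace-damaged in transit and should be re-sent with the new lines indented to match. On the wording, "is only used by DTLS" reads more precisely as "is used only by DTLS". Since this is specification text aimed at existing SSLEngine consumers, it would also help to state directly that code driving stream-oriented TLS will never see this status, rather than leaving that to be inferred from "not a possible result".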

        Thanks.

        --
        - DML

              xuelei Xuelei Fan