JDK-8133632

javax.net.ssl.SSLEngine does not properly handle received SSL fatal alerts


    • Bug
    • Resolution: Fixed
    • P2
    • 9
    • 8u45, 9
    • security-libs
    • b144
    • x86
    • linux
    • Verified

      FULL PRODUCT VERSION :
      openjdk version "1.8.0_45"
       OpenJDK Runtime Environment (build 1.8.0_45-b14)
       OpenJDK 64-Bit Server VM (build 25.45-b02, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Linux webczatnet 4.0.1-1-ARCH #1 SMP Thu Apr 30 18:56:34 CEST 2015 x86_64 GNU/Linux

      A DESCRIPTION OF THE PROBLEM :
      It seems that when an SSLEngine, during the unwrap call, receives a fatal TLS alert from the other side, the engine is not closed.
      I believe that the TLS spec says that the connection should be closed immediately after such a fatal alert is received, without sending closure alerts, but after receiving a fatal alert, the SSLEngine's isInboundDone() and isOutboundDone() both return false.
      Also, it is not possible to call wrap (it does not do anything and returns status OK; calling unwrap would try to parse the data in question instead of closing the engine too, even in case of later errors), and calling closeOutbound() after receiving a fatal alert generates normal closure messages.
      In my test case, I received the fatal alert at the beginning of the handshake, in response to the client hello, because of no common cipher suites.


      REPRODUCIBILITY :
      This bug can be reproduced always.

            jnimeh Jamil Nimeh
            webbuggrp Webbug Group
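
A regression check for the behaviour reported above, written for this page as an added example (it is not the reporter's test case and not JDK code). The class name `FatalAlertCheck` and the 7-byte alert record are constructed for illustration; the check assumes the default `SSLContext` can be created on the JDK under test.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;

public class FatalAlertCheck {
    // Constructed plaintext TLS record: type 0x15 (alert), version 3.3,
    // length 2, level 2 (fatal), description 40 (handshake_failure).
    static final byte[] FATAL_ALERT = {0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28};

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        SSLSession session = engine.getSession();
        ByteBuffer net = ByteBuffer.allocate(session.getPacketBufferSize());
        ByteBuffer app = ByteBuffer.allocate(session.getApplicationBufferSize());

        // The first wrap() starts the handshake and emits the ClientHello.
        engine.wrap(ByteBuffer.allocate(0), net);
        net.clear();

        // Feed the peer's fatal alert, as a server with no common
        // cipher suite would answer the ClientHello.
        try {
            SSLEngineResult r = engine.unwrap(ByteBuffer.wrap(FATAL_ALERT), app);
            System.out.println("unwrap returned: " + r.getStatus());
        } catch (SSLException e) {
            System.out.println("unwrap threw: " + e.getMessage());
        }

        // The report expects both of these to be true after a fatal alert.
        System.out.println("isInboundDone  = " + engine.isInboundDone());
        System.out.println("isOutboundDone = " + engine.isOutboundDone());

        // The report also expects no closure record to be generated here.
        engine.closeOutbound();
        try {
            SSLEngineResult r = engine.wrap(ByteBuffer.allocate(0), net);
            System.out.println("wrap after closeOutbound: " + r.getStatus()
                    + ", bytesProduced=" + r.bytesProduced());
        } catch (SSLException e) {
            System.out.println("wrap threw: " + e.getMessage());
        }
    }
}
```

Run it against the JDK build in question and compare the printed engine state with what the description says should happen after a fatal alert.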