JDK-8161086

DTLS handshaking fails if some messages were lost


      A DTLS client usually sends three messages in flight #5:

          ClientKeyExchange
          ChangeCipherSpec
          Finished

      See https://tools.ietf.org/html/rfc4347 for details.

      DTLS can be used over UDP, which may result in lost packets. If a ClientKeyExchange message is lost during the DTLS handshake, the result is a "ChangeCipherSpec message sequence violation" error, because the server tries to handle ChangeCipherSpec:

      javax.net.ssl.SSLProtocolException: ChangeCipherSpec message sequence violation
      at sun.security.ssl.HandshakeStateManager.changeCipherSpec(java.base@9-internal/HandshakeStateManager.java:891)
      at sun.security.ssl.Handshaker.receiveChangeCipherSpec(java.base@9-internal/Handshaker.java:1137)
      at sun.security.ssl.SSLEngineImpl.processInputRecord(java.base@9-internal/SSLEngineImpl.java:1142)
      at sun.security.ssl.SSLEngineImpl.readRecord(java.base@9-internal/SSLEngineImpl.java:998)
      at sun.security.ssl.SSLEngineImpl.readNetRecord(java.base@9-internal/SSLEngineImpl.java:895)
      at sun.security.ssl.SSLEngineImpl.unwrap(java.base@9-internal/SSLEngineImpl.java:673)
      at javax.net.ssl.SSLEngine.unwrap(java.base@9-internal/SSLEngine.java:624)
      at DTLSOverDatagram.handshake(DTLSOverDatagram.java:255)
      at DTLSOverDatagram.doServerSide(DTLSOverDatagram.java:116)
      at DTLSOverDatagram$Server.run(DTLSOverDatagram.java:678)
      at java.lang.Thread.run(java.base@9-internal/Thread.java:843)

      It might be better if the server handshaker could recognize such a situation and let the client re-send the missing packets, so that the handshake can finish successfully.
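
      The failure and the requested behaviour, as an added example that is not code from the JDK or from this issue: a simplified model of a server receiving flight #5, with one handler that treats an early ChangeCipherSpec as fatal and one that holds it until the client retransmits. The class names, `run_handshake`, and the "retransmit the whole flight once" behaviour are assumptions made for illustration.

```python
# Simplified model of a DTLS server receiving client flight #5 (illustrative
# only; this is not the JDK handshaker). Message names follow RFC 4347.
from dataclasses import dataclass, field

FLIGHT_5 = ["ClientKeyExchange", "ChangeCipherSpec", "Finished"]


class SequenceViolation(Exception):
    pass


@dataclass
class StrictServer:
    """Treats any out-of-order message as fatal, as in the reported failure."""
    expected: list = field(default_factory=lambda: list(FLIGHT_5))

    def receive(self, msg):
        if msg != self.expected[0]:
            raise SequenceViolation(f"{msg} message sequence violation")
        self.expected.pop(0)
        return not self.expected  # True once the flight is complete


@dataclass
class TolerantServer:
    """Holds messages that arrive ahead of a lost one until the gap is filled."""
    expected: list = field(default_factory=lambda: list(FLIGHT_5))
    buffered: set = field(default_factory=set)

    def receive(self, msg):
        if msg in self.expected:        # duplicates of handled messages are ignored
            self.buffered.add(msg)      # bounded: at most one entry per flight message
        # Process everything that is now in order.
        while self.expected and self.expected[0] in self.buffered:
            self.buffered.discard(self.expected.pop(0))
        return not self.expected


def run_handshake(server, lost_on_first_try):
    """Deliver flight #5, dropping the named messages on the first attempt.
    The client then retransmits the whole flight (assumed timeout behaviour).
    Returns the attempt on which the flight completed, or None."""
    for attempt in (1, 2):
        for msg in FLIGHT_5:
            if attempt == 1 and msg in lost_on_first_try:
                continue  # datagram lost on the network
            if server.receive(msg):
                return attempt
    return None
```

      With ClientKeyExchange dropped, `StrictServer` raises on the first ChangeCipherSpec, while `TolerantServer` completes on the retransmitted flight.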

            xuelei Xuelei Fan
            asmotrak Artem Smotrakov