JDK-8163419: Final CCS and Finished DTLS messages can't be re-transmitted

Project: JDK
Type: Bug
Resolution: Delivered
Priority: P2
Affects Version: 9
Fix Version: 9
Component: security-libs

During a DTLS handshake, messages that are lost should be re-created with new record sequence numbers and re-sent.

This does not work for the final CCS and Finished messages. If they are lost, further calls to SSLEngine.wrap() do not produce new CCS/Finished messages with new sequence numbers, because the SSLEngine has already switched to the NOT_HANDSHAKING state and now expects application data. As a result, new CCS/Finished messages cannot be generated.

There is a workaround that may work in some cases (not necessarily with all DTLS implementations): the final CCS/Finished messages can be stored and re-sent when needed. But then records carrying the old sequence numbers are re-sent, which violates the DTLS specification (RFC 6347).
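Added example (not code from the JDK or from this bug's reporter) that reproduces the situation described above with two in-memory DTLS SSLEngines: the server's final CCS/Finished flight is held back to simulate loss, a further wrap() on the server then yields no datagrams, and the stored datagrams are resent instead. Assumptions made for the demo: the engines are driven directly rather than over UDP, an anonymous DH suite (TLS_DH_anon_WITH_AES_128_GCM_SHA256, re-enabled by clearing jdk.tls.disabledAlgorithms) stands in for a keystore, BUF is an arbitrary buffer size, and the class and helper names are made up here. Requires JDK 9 or later.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

// Added example, not JDK test code: two in-memory DTLS SSLEngines, a simulated
// loss of the server's final CCS/Finished flight, and the application-level
// workaround of caching that flight and resending the stored datagrams.
public class DtlsFinalFlightDemo {
    static final int BUF = 32 * 1024;   // assumed buffer size for the in-memory "network"

    public static void main(String[] args) throws Exception {
        // Assumption: an anonymous DH suite so the demo needs no keystore. Newer
        // JDKs list it in jdk.tls.disabledAlgorithms, so clear that first.
        Security.setProperty("jdk.tls.disabledAlgorithms", "");
        SSLContext ctx = SSLContext.getInstance("DTLS");
        ctx.init(null, null, null);
        SSLEngine client = ctx.createSSLEngine();
        client.setUseClientMode(true);
        SSLEngine server = ctx.createSSLEngine();
        server.setUseClientMode(false);
        String[] suites = { "TLS_DH_anon_WITH_AES_128_GCM_SHA256" };
        client.setEnabledCipherSuites(suites);
        server.setEnabledCipherSuites(suites);
        client.beginHandshake();
        server.beginHandshake();

        // Drive the flights until the server emits its last one (CCS + Finished),
        // which is held back instead of delivered: the simulated packet loss.
        List<ByteBuffer> serverFlight;
        while (true) {
            deliver(wrapFlight(client), server);
            serverFlight = wrapFlight(server);
            if (server.getHandshakeStatus() == HandshakeStatus.NOT_HANDSHAKING) break;
            deliver(serverFlight, client);
        }
        System.out.println("server: " + server.getHandshakeStatus()
                + ", client: " + client.getHandshakeStatus());

        // The reported problem: the server is already NOT_HANDSHAKING, so wrap()
        // does not regenerate the flight with fresh sequence numbers.
        List<ByteBuffer> regenerated = wrapFlight(server);
        System.out.println("datagrams regenerated by server.wrap(): " + regenerated.size());

        // Workaround: resend the stored datagrams. They still carry the original
        // record sequence numbers, which is what the report flags as a violation.
        deliver(serverFlight, client);
        System.out.println("client after resend: " + client.getHandshakeStatus());

        // Show the session is usable: one application datagram each way.
        System.out.println(roundTrip(client, server, "ping"));
        System.out.println(roundTrip(server, client, "pong"));
    }

    // Call wrap() until the engine has emitted the whole current flight.
    static List<ByteBuffer> wrapFlight(SSLEngine tx) throws Exception {
        List<ByteBuffer> flight = new ArrayList<>();
        for (int i = 0; i < 32; i++) {          // bound: a flight is a handful of datagrams
            ByteBuffer dg = ByteBuffer.allocate(BUF);
            SSLEngineResult r = tx.wrap(ByteBuffer.allocate(0), dg);
            dg.flip();
            if (dg.hasRemaining()) flight.add(dg);
            runTasks(tx);
            if (r.bytesProduced() == 0 || tx.getHandshakeStatus() != HandshakeStatus.NEED_WRAP) break;
        }
        return flight;
    }

    // Hand every datagram of a flight to the receiving engine, as the network would.
    static void deliver(List<ByteBuffer> flight, SSLEngine rx) throws Exception {
        for (ByteBuffer dg : flight) {
            ByteBuffer app = ByteBuffer.allocate(BUF);
            SSLEngineResult r;
            do {
                r = rx.unwrap(dg, app);
                runTasks(rx);
            } while (r.getStatus() == SSLEngineResult.Status.OK
                    && (dg.hasRemaining() || r.getHandshakeStatus() == HandshakeStatus.NEED_UNWRAP_AGAIN));
        }
    }

    // Encrypt one application message on `from`, decrypt it on `to`.
    static String roundTrip(SSLEngine from, SSLEngine to, String msg) throws Exception {
        ByteBuffer net = ByteBuffer.allocate(BUF);
        from.wrap(ByteBuffer.wrap(msg.getBytes(StandardCharsets.UTF_8)), net);
        net.flip();
        ByteBuffer app = ByteBuffer.allocate(BUF);
        to.unwrap(net, app);
        app.flip();
        return StandardCharsets.UTF_8.decode(app).toString();
    }

    // SSLEngine defers key computation to delegated tasks; run them inline here.
    static void runTasks(SSLEngine e) {
        Runnable task;
        while ((task = e.getDelegatedTask()) != null) task.run();
    }
}
```

The resend succeeds here only because the client never received the original records, so nothing in its anti-replay window rejects them; a peer that had seen those sequence numbers, or that enforces fresh sequence numbers on retransmission, could discard the resent flight, which is why the report calls the workaround unreliable. Clearing jdk.tls.disabledAlgorithms and using an anonymous suite are test-only shortcuts and must not be carried into production code.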

Assignee: Xuelei Fan (xuelei)
Reporter: Artem Smotrakov (asmotrak)
Votes: 0
Watchers: 2
