Type: Bug
Resolution: Delivered
Priority: P2
Fix Version: 9
CPU: generic
OS: generic
During the DTLS handshake, if some messages are lost, they should be re-created with new sequence numbers and re-sent.
This doesn't work for the final CCS and Finished messages. If the final CCS/Finished messages are lost, further calls to SSLEngine.wrap() don't produce new CCS/Finished messages with new sequence numbers. This happens because the SSLEngine switches to the NOT_HANDSHAKING state and expects application data. As a result, new CCS/Finished messages can't be generated.
There is a workaround which may work sometimes (not sure about all DTLS implementations): the final CCS/Finished messages can be stored and re-sent if necessary. But in this case, messages with old sequence numbers are re-sent, which violates the DTLS spec.
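The workaround described in the report, as an added example that is not part of the original bug report or of the JDK's own code: a small client-side helper that records every datagram produced by SSLEngine.wrap() for the current flight and re-sends those bytes verbatim when the peer does not answer. The class and method names (DtlsFlightCache, sendFlight, needsManualRetransmit, retransmitLastFlight, markAcknowledged) are hypothetical; the DatagramChannel and peer address are assumed to be set up by the caller, and the engine is assumed to come from an SSLContext of type "DTLS". For earlier flights the engine can rebuild the records itself when wrap() is called again after a timeout; the cache exists for the final CCS/Finished flight, after which the engine reports NOT_HANDSHAKING and wrap() produces nothing. As the report notes, the cached records keep their original sequence numbers, so this resend is not a spec-compliant retransmission.

```java
import java.io.IOException;
import java.net.SocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.DatagramChannel;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;

/**
 * Hypothetical helper (not JDK code): sends one DTLS handshake flight from an
 * SSLEngine and keeps the produced datagrams so that the final CCS/Finished
 * flight can be re-sent after the engine has left the handshaking state.
 */
public final class DtlsFlightCache {

    private final SSLEngine engine;        // assumed: created from SSLContext.getInstance("DTLS")
    private final DatagramChannel channel; // assumed: opened by the caller
    private final SocketAddress peer;      // assumed: the server's address
    // Records produced by wrap() for the most recent flight; cleared when a new flight starts.
    private final List<byte[]> lastFlight = new ArrayList<>();

    public DtlsFlightCache(SSLEngine engine, DatagramChannel channel, SocketAddress peer) {
        this.engine = engine;
        this.channel = channel;
        this.peer = peer;
    }

    /** Run any delegated tasks (certificate checks etc.) the engine has queued. */
    private void runDelegatedTasks() {
        Runnable task;
        while ((task = engine.getDelegatedTask()) != null) {
            task.run();
        }
    }

    /**
     * Drain the engine until the current flight is complete, sending every record
     * and caching a copy. Returns the last handshake status the engine reported,
     * which is FINISHED or NOT_HANDSHAKING once the final flight has gone out.
     */
    public HandshakeStatus sendFlight() throws IOException {
        lastFlight.clear();
        ByteBuffer noAppData = ByteBuffer.allocate(0);
        HandshakeStatus status;
        while (true) {
            ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
            SSLEngineResult result = engine.wrap(noAppData, out);
            if (result.bytesProduced() > 0) {
                out.flip();
                byte[] record = new byte[out.remaining()];
                out.get(record);
                lastFlight.add(record);                    // keep the exact bytes for a resend
                channel.send(ByteBuffer.wrap(record), peer);
            }
            status = result.getHandshakeStatus();
            if (status == HandshakeStatus.NEED_TASK) {
                runDelegatedTasks();
                continue;
            }
            if (status != HandshakeStatus.NEED_WRAP) {
                break;                                     // nothing more to send in this flight
            }
        }
        return status;
    }

    /**
     * True when the engine can no longer regenerate the last flight itself: it has
     * switched to NOT_HANDSHAKING, so wrap() only looks for application data, yet
     * the cached CCS/Finished records have not been acknowledged by the peer.
     */
    public boolean needsManualRetransmit() {
        return engine.getHandshakeStatus() == HandshakeStatus.NOT_HANDSHAKING
                && !lastFlight.isEmpty();
    }

    /**
     * Re-send the cached datagrams byte-for-byte. This is the report's workaround:
     * the records keep their original sequence numbers, which the DTLS spec does
     * not allow for a genuine retransmission.
     */
    public int retransmitLastFlight() throws IOException {
        for (byte[] record : lastFlight) {
            channel.send(ByteBuffer.wrap(record), peer);
        }
        return lastFlight.size();
    }

    /** Drop the cache once the peer has answered (e.g. its first application-data record unwrapped). */
    public void markAcknowledged() {
        lastFlight.clear();
    }
}
```

A caller invokes sendFlight() whenever the engine reports NEED_WRAP, then waits for the peer with a receive timeout. On timeout it calls sendFlight() again for earlier flights, which lets the engine rebuild them with fresh sequence numbers, and falls back to retransmitLastFlight() only when needsManualRetransmit() is true. Once a record from the peer unwraps successfully after the final flight, the CCS/Finished messages are known to have arrived and markAcknowledged() clears the cache so stale records are never re-sent later.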
Issue links:
- blocks: JDK-8159416 javax/net/ssl/DTLS/CipherSuite.java failed on timeout (Closed)
- duplicates: JDK-8161086 DTLS handshaking fails if some messages were lost (Closed)
- relates to: JDK-8263571 Final CCS and Finished DTLS messages can't be re-transmitted (Open)