-
Bug
-
Resolution: Not an Issue
-
P3
-
None
-
8u121
Submitter report :
===============
Client initiated renegotiation is disabled on the server side using one of
the 2 mechanisms:
1) -Djdk.tls.rejectClientInitiatedRenegotiation=true
2) SSLSession.invalidate() and SSLSocket.setEnableSessionCreation(false)
I created a client side program that establishes the connection and invokes
SSLSocket.startHandshake(). It does not throw an IOException as one would
expect.
SSLSocketFactory f =
(SSLSocketFactory) SSLSocketFactory.getDefault();
int port = Integer.parseInt(args[1]);
SSLSocket c = (SSLSocket) f.createSocket(args[0], port);
Thread.currentThread().sleep(5000);
// Renegotiate the handshake
c.startHandshake();
In fact after the handshake a write() on the socket's BufferWriter() does not
throw an Exception either. A read operation gets an error though.
BufferedWriter w = new BufferedWriter(
new OutputStreamWriter(c.getOutputStream()));
w.write("HELLO"); // Does not throw exception either
w.flush();
System.out.println("Sleeping ...");
Thread.currentThread().sleep(5000);
BufferedReader r = new BufferedReader(
new InputStreamReader(c.getInputStream()));
String m = null;
while ((m=r.readLine())!= null) {
===============
Client initiated renegotiation is disabled on the server side using one of
the 2 mechanisms:
1) -Djdk.tls.rejectClientInitiatedRenegotiation=true
2) SSLSession.invalidate() and SSLSocket.setEnableSessionCreation(false)
I created a client side program that establishes the connection and invokes
SSLSocket.startHandshake(). It does not throw an IOException as one would
expect.
SSLSocketFactory f =
(SSLSocketFactory) SSLSocketFactory.getDefault();
int port = Integer.parseInt(args[1]);
SSLSocket c = (SSLSocket) f.createSocket(args[0], port);
Thread.currentThread().sleep(5000);
// Renegotiate the handshake
c.startHandshake();
In fact after the handshake a write() on the socket's BufferWriter() does not
throw an Exception either. A read operation gets an error though.
BufferedWriter w = new BufferedWriter(
new OutputStreamWriter(c.getOutputStream()));
w.write("HELLO"); // Does not throw exception either
w.flush();
System.out.println("Sleeping ...");
Thread.currentThread().sleep(5000);
BufferedReader r = new BufferedReader(
new InputStreamReader(c.getInputStream()));
String m = null;
while ((m=r.readLine())!= null) {