- Enhancement
- Resolution: Delivered
- P4
- 8, 9
- b21
A DESCRIPTION OF THE REQUEST :
The URICertStore does not set a read timeout. This allows a misbehaving CRL to block a connection on CRL checking.
This should be limited in the same way the connection timeout is limited to 15 seconds. This may be forced globally by setting the sun.net.client.defaultReadTimeout property, but this has global scope. A 15-second read timeout also seems reasonable.
Alternatively, a new property com.sun.security.crl.readtimeout may be added to specifically target the read timeout on a CRL check.
JUSTIFICATION :
A CRL check should not be able to block, or hold the resources of, the flow of critical code for a long period of time. This could negatively affect a service.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
A default read timeout of 15 seconds should be applied with an optional property com.sun.security.crl.readtimeout being introduced to set the timeout specifically for the purpose of CRL checking.
ACTUAL -
The current implementation allows a misbehaving CRL to indefinitely block a connection.
---------- BEGIN SOURCE ----------
Full PoC available upon request.
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Execute the Java application with -Dsun.net.client.defaultReadTimeout=15000
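
The behaviour requested above, as an added example that is not part of the original report and is not the JDK's URICertStore code: a fetch that bounds both the connect and the read phase, run against a constructed local endpoint that accepts the connection and then never answers. The class name, the local stalled server and the reading of com.sun.security.crl.readtimeout as whole seconds are assumptions made for this illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.URI;
import java.net.URL;
import java.net.URLConnection;

public class CrlReadTimeoutDemo {
    static final String PROP = "com.sun.security.crl.readtimeout"; // property proposed in the report
    static final int CONNECT_TIMEOUT_MS = 15_000; // connect timeout described in the report

    // Assumption: the property holds whole seconds; unset or unusable values fall back to 15.
    static int readTimeoutMs() {
        int secs = Integer.getInteger(PROP, 15);
        if (secs <= 0 || secs > Integer.MAX_VALUE / 1000) secs = 15;
        return secs * 1000;
    }

    // Fetch a CRL-like resource with both phases bounded (readAllBytes needs Java 9+).
    static byte[] fetch(URL url) throws IOException {
        URLConnection conn = url.openConnection();
        conn.setConnectTimeout(CONNECT_TIMEOUT_MS);
        conn.setReadTimeout(readTimeoutMs()); // the call the report says is missing
        try (InputStream in = conn.getInputStream()) {
            return in.readAllBytes();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a misbehaving CRL endpoint: accepts, then stays silent.
        try (ServerSocket stalled = new ServerSocket(0)) {
            Thread t = new Thread(() -> {
                try (Socket s = stalled.accept()) { Thread.sleep(60_000); }
                catch (Exception ignored) { }
            });
            t.setDaemon(true);
            t.start();
            URL url = URI.create("http://127.0.0.1:" + stalled.getLocalPort() + "/test.crl").toURL();
            long start = System.nanoTime();
            try {
                fetch(url);
            } catch (SocketTimeoutException e) {
                long ms = (System.nanoTime() - start) / 1_000_000;
                System.out.printf("gave up after %d ms: %s%n", ms, e.getMessage());
            }
        }
    }
}
```

Running it with -Dcom.sun.security.crl.readtimeout=2 shows the fetch failing with a SocketTimeoutException after about two seconds; without the setReadTimeout call the same fetch would wait for as long as the endpoint keeps the connection open.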
- csr for: JDK-8223310 Configurable read timeout for CRLs (Closed)
- duplicates: JDK-8223061 Missing Read Timeout for CRL load (Closed)