-
Bug
-
Resolution: Duplicate
-
P3
-
None
-
11
Reported in OpenJDK, http://mail.openjdk.java.net/pipermail/security-dev/2018-July/017571.html:
-------------------------------------
I would like to report also the weird behavior during the close handshake (i.e. when one side decides to close the connection).
1. client.closeOutbound() then goes into NEED_WRAP.
2. Client wraps 24 bytes, result is CLOSED, then goes into NOT_HANDSHAKING (?)
3. Server unwraps 24 bytes, result is CLOSED, then goes into NEED_WRAP.
4. Server wraps 24 bytes, result is CLOSED, then goes into NOT_HANDSHAKING.
5. Client unwraps 0 bytes (?)
I think at step 2 the client should go into NEED_UNWRAP to read (at step 5) the server response to the close_notify.
Instead, at step 5 the client unwraps 0 bytes so we are left with those 24 bytes from the server that applications need to discard.
Also, I am not sure that the wrap result at step 2 and 3 should be CLOSED, perhaps OK is better?
The server is actually closed at step 4, and the client at step 5. However, this is a minor issue.
-------------------------------
if the peer send the close_notify, the unwrap() should be able to consume the bytes (#5 above). The NEED_WRAP handshake status after the CLOSED status does not sound right as well.
-------------------------------------
I would like to report also the weird behavior during the close handshake (i.e. when one side decides to close the connection).
1. client.closeOutbound() then goes into NEED_WRAP.
2. Client wraps 24 bytes, result is CLOSED, then goes into NOT_HANDSHAKING (?)
3. Server unwraps 24 bytes, result is CLOSED, then goes into NEED_WRAP.
4. Server wraps 24 bytes, result is CLOSED, then goes into NOT_HANDSHAKING.
5. Client unwraps 0 bytes (?)
I think at step 2 the client should go into NEED_UNWRAP to read (at step 5) the server response to the close_notify.
Instead, at step 5 the client unwraps 0 bytes so we are left with those 24 bytes from the server that applications need to discard.
Also, I am not sure that the wrap result at step 2 and 3 should be CLOSED, perhaps OK is better?
The server is actually closed at step 4, and the client at step 5. However, this is a minor issue.
-------------------------------
if the peer send the close_notify, the unwrap() should be able to consume the bytes (#5 above). The NEED_WRAP handshake status after the CLOSED status does not sound right as well.
- duplicates
-
-
- Closed
-