Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8214339

SSLSocketImpl erroneously wraps SocketException

XMLWordPrintable

    • 11
    • b25
    • x86_64
    • linux
    • Verified

        A DESCRIPTION OF THE PROBLEM :
        It appears that the TLS1.3-related work in OpenJDK-11 changed SSLSocketImpl.handleException to wrap underlying SocketExceptions in SSLProtocolExceptions.

        Specifically, before TLS1.3 changes, handleException simply rethrows IOExceptions (here: https://github.com/unofficial-openjdk/openjdk/blob/322f09b333edd0d26594c52fab7a5346f7b40578/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java#L1895). After TLS1.3 changes, handleException pipes a SocketException into .fatal(..) and then into Alert.UNEXPECTED_MESSAGE.createSslException which ultimately wraps the cause in an SSLProtocolException.

        First, this contradicts the SSLProtocolException javadoc which says that an SSLProtocolException "Reports an error in the operation of the SSL protocol. Normally this indicates a flaw in one of the protocol implementations."

        Additionally, there's existing, widely used code that relies on SocketExceptions being rethrown here. A good example is Apache HttpClient whose default retry logic excludes all SSLExceptions from being retried (see https://hc.apache.org/httpcomponents-client-ga/httpclient/xref/org/apache/http/impl/client/DefaultHttpRequestRetryHandler.html#L104).

        REGRESSION : Last worked in version 10.0.2

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        Please find a test that reproduces the issue here https://github.com/ogolberg/java-11-sslcontextimpl-bug

        It passes on Java 10- and fails on Java 11.


          1. java-11-sslcontextimpl-bug-master.zip
            58 kB

              xuelei Xuelei Fan
              webbuggrp Webbug Group
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: