- Bug
- Resolution: Fixed
- P3
- None
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8241454 | 11.0.7-oracle | Raymond Gallardo | P3 | Resolved | Fixed | |
Document the jdk.tls.acknowledgeCloseNotify property in the JSSE Reference Guide:
jdk.tls.acknowledgeCloseNotify
New section: Specifying that close_notify Alert Is Sent When One Is Received
Default value: false
Notes: If the system property is set to true, then when the client or server receives a close_notify alert, it sends a corresponding close_notify alert and the connection is duplex closed.
Specifying that close_notify Alert Is Sent When One Is Received
If the jdk.tls.acknowledgeCloseNotify system property is set to true, then when the client or server receives a close_notify alert, it sends a corresponding close_notify alert and the connection is duplex closed.
TLS 1.2 and earlier versions use a duplex-close policy. However, TLS 1.3 uses a half-close policy, which means that the inbound and the outbound close_notify alerts are independent. When upgrading to TLS 1.3, unexpected behavior can occur if your application shuts down the TLS/DTLS connection by using only one of the SSLEngine.closeInbound() or SSLEngine.closeOutbound() methods but not both on each side of the connection. If your application unexpectedly hangs or times out when the underlying TLS/DTLS transport is not duplex closed, you may need to set this property to true.
Note that when a TLS/DTLS connection is no longer needed, the client and server applications should each close both sides of their respective connection.
- backported by: JDK-8241454 Document the jdk.tls.acknowledgeCloseNotify property (Resolved)