Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8274524

SSLSocket.close() hangs if it is called during the ssl handshake

    XMLWordPrintable

Details

    Backports

      Description

        JCK test api/javax_net/ssl/SSLSocket/setUseClientMode.html fails on Linux & NioSocket with "Error. test was interrupted! (timeout?)"

        During TLS handshake socket read operations are not protected by readLock. Here is a stack trace of the read during handshake:
        at java.base/sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:48)
        at java.base/sun.nio.ch.NioSocketImpl.tryRead(NioSocketImpl.java:261)
        at java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:312)
        at java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:350)
        at java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:803)
        at java.base/java.net.Socket$SocketInputStream.read(Socket.java:981)
        at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:478)
        at java.base/sun.security.ssl.SSLSocketInputRecord.readFully(SSLSocketInputRecord.java:461)
        at java.base/sun.security.ssl.SSLSocketInputRecord.decodeInputRecord(SSLSocketInputRecord.java:243)
        at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:181)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:110)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1491)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1397)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:444)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:415)

        SSLSocket.close() also reads from socket after JDK-8268965:
        at java.base/sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:48)
        at java.base/sun.nio.ch.NioSocketImpl.tryRead(NioSocketImpl.java:261)
        at java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:312)
        at java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:350)
        at java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:803)
        at java.base/java.net.Socket$SocketInputStream.read(Socket.java:981)
        at java.base/java.io.InputStream.skip(InputStream.java:544)
        at java.base/sun.security.ssl.SSLSocketInputRecord.deplete(SSLSocketInputRecord.java:504)
        at java.base/sun.security.ssl.SSLSocketImpl.closeSocket(SSLSocketImpl.java:1762)
        at java.base/sun.security.ssl.SSLSocketImpl.shutdown(SSLSocketImpl.java:1739)
        at java.base/sun.security.ssl.SSLSocketImpl.bruteForceCloseInput(SSLSocketImpl.java:773)
        at java.base/sun.security.ssl.SSLSocketImpl.duplexCloseOutput(SSLSocketImpl.java:638)
        at java.base/sun.security.ssl.SSLSocketImpl.close(SSLSocketImpl.java:570)

        InputStream.skip() is implemented as a simple read from NIO socket without any locks. It is implemented as a loop of read(available()) As result, in case of called concurrently, SSLSocket.close() could hangs trying to read available bytes from socket, while startHandshake() already read them

        The issue does not affect concurrent SSLSocket.close() and application input stream because of SSLSocketInputRecord.deplete() is protected by Application Input Stream read lock.

        Attachments

          Issue Links

            Activity

              People

                abakhtin Alexey Bakhtin
                abakhtin Alexey Bakhtin
                Votes:
                0 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: