The Sun JSSE implementation does not fully support socket timeouts (Socket setSoTimeout() method). If the timeout occurs while reading the first bytes of the record, timeouts work as expected. However, when the timeout occurs in the middle of reading a record, we "forget" that we already have partial data in the record buffer. This causes subsequent reads to fail with an SSLException.
Typically, we will receive all TCP packets that make up an SSL record in quick succession. This makes it very unlikely that a timeout occurs in the middle of reading a record. Consequently, timeouts will work in those cases. However, there may be situations where this does not hold, which would make applications that use socket timeouts with SSL sockets unreliable.
Still, I am filing this as a low priority bug because timeouts are typically used for two reasons:
. simulate non-blocking I/O by setting the timeout to a low value (1 ms). This is vastly less efficient than the real non-blocking I/O functionality offered by the NIO APIs, which will be supported with JSSE in Tiger (see 4495742). Therefore, this pattern should no longer be used.
. detect "dead" peers. In many cases, the socket will simply be closed if a dead peer is detected. As such, it does not matter if further reads from the socket would fail.