JDK-8235263 : Revert TLS 1.3 change that wrapped IOExceptions
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 11,14
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2019-12-03
  • Updated: 2021-02-16
  • Resolved: 2019-12-04
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 14 JDK 8 Other
11.0.8-oracleFixed 13.0.4Fixed 14 b26Fixed 8u261Fixed openjdk8u292Fixed
Related Reports
Relates :  
Relates :  
In the SunJSSE provider, IOExceptions in application output stream was updated to be wrapped into SSLException so as to close underlying connections automatically.  However, there are compatibility impact reported (https://mail.openjdk.java.net/pipermail/security-dev/2019-December/020956.html).
Fix request (13u) Requesting backport to 13u for parity with 11u, applies cleanly.

Fix request (11u) -- will label after testing completed. I would like to downport this for parity with 11.0.8-oracle. Applies clean.

URL: https://hg.openjdk.java.net/jdk/jdk/rev/e3463d022cb9 User: xuelei Date: 2019-12-04 01:16:22 +0000

No new regression test. Simple update, the HttpComponents community had confirmed the patch.

In the HttpComponents compatibility impact report, the IOException was used to make the decision if re-try the connection when the connection failed. It is not a ideal to use specific exception and JSSE implementation details to switch business flow. However, as applications have used this way, we may want to fix the compatibility issue.