JDK-7173811 : setTcpNoDelay(false) interact wrongly with JSSE
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 7
  • Priority: P3
  • Status: Closed
  • Resolution: Not an Issue
  • OS: linux
  • CPU: x86
  • Submitted: 2012-06-02
  • Updated: 2012-09-06
  • Resolved: 2012-06-05
Related Reports
Relates :  
JDK-7157903 - JSSE client sockets are very slow
Description
FULL PRODUCT VERSION :
java version "1.7.0_04"
Java(TM) SE Runtime Environment (build 1.7.0_04-b20)
Java HotSpot(TM) Server VM (build 23.0-b21, mixed mode)


ADDITIONAL OS VERSION INFORMATION :
linux 3.3.7-1.fc16.i686.PAE but seems to be an all OS I have tested.

A DESCRIPTION OF THE PROBLEM :
When setTcpNoDelay(false)  a SSLSocket splits a message in 2 SSL packets one with one byte of data the other with the rest.

REGRESSION.  Last worked in version 6u31

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
            SSLSocket socket = (SSLSocket) socketFactory.createSocket(this.url.getHost(), this.url.getPort());
            socket.setSoTimeout(10000);
            socket.setTcpNoDelay(false); // Seems to be the default.

  To write a chunk I do:

    protected static void writechunk(OutputStream os, String data) throws Exception {
        String chunkSize = Integer.toHexString(data.length());
        os.write((chunkSize + CRLF + data + CRLF).getBytes());
        os.flush();
    }

The server (jbossweb) complains the chunk size is cut in 2 pieces.

The -Djavax.net.debug=all shows that the data a cut in 2 TLSv1 packets which doesn't make sense.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Padded plaintext before ENCRYPTION:  len = 31
0000: 61 0D 0A 54 65 73 74 69   6E 67 2E 2E 2E 0D 0A 69  a..Testing.....i
0010: A2 08 29 B4 B7 98 6F 92   8D 3B 1F E8 E5 3B 77     ..)...o..;...;w
Thread-1, WRITE: TLSv1 Application Data, length = 31
[Raw write]: length = 36
0000: 17 03 01 00 1F 2B 1C FB   00 E6 A5 27 59 6F F8 6C  .....+.....'Yo.l
0010: D1 CF BE E3 DD C8 73 FF   77 57 A9 A6 00 F2 FE 1F  ......s.wW......
0020: 75 4B 24 38                                        uK$8

ACTUAL -
Padded plaintext before ENCRYPTION:  len = 32
0000: 61 BA B9 10 DB 71 5C BE   91 97 BF 46 21 8D DC 54  a....q\....F!..T
0010: 66 72 AC 15 C4 0A 0A 0A   0A 0A 0A 0A 0A 0A 0A 0A  fr..............
Thread-1, WRITE: TLSv1 Application Data, length = 32
[Raw write]: length = 37
0000: 17 03 01 00 20 97 12 45   DC 94 D6 C7 AA E9 17 EC  .... ..E........
0010: D3 6F 23 EF FC 8F 32 C7   C7 46 51 E9 FE 2E 72 3A  .o#...2..FQ...r:
0020: 78 39 5D 9D 6F                                     x9].o
Padded plaintext before ENCRYPTION:  len = 48
0000: 0D 0A 54 65 73 74 69 6E   67 2E 2E 2E 0D 0A 7C 43  ..Testing......C
0010: A3 17 96 A8 7B C6 05 0F   C8 3A 70 62 FA B3 00 9E  .........:pb....
0020: FE 65 0D 0D 0D 0D 0D 0D   0D 0D 0D 0D 0D 0D 0D 0D  .e..............
Thread-1, WRITE: TLSv1 Application Data, length = 48
[Raw write]: length = 53
0000: 17 03 01 00 30 FA 74 27   79 2D C0 16 A4 78 EF 74  ....0.t'y-...x.t
0010: CD CC D6 2D C0 D1 98 86   3A 42 7E FF 1C 15 C6 CA  ...-....:B......
0020: 13 A6 4C 4F AE 30 73 A8   65 93 99 07 42 FD 53 AA  ..LO.0s.e...B.S.
0030: 84 4C D0 BC C4

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
Use:
            SSLSocket socket = (SSLSocket) socketFactory.createSocket(this.url.getHost(), this.url.getPort());
            socket.setSoTimeout(10000);
            socket.setTcpNoDelay(true);
Comments
PUBLIC COMMENTS Applications must be able to handle split packets at any layer (TCP/SSL). Close it as "Not a Defect".
05-06-2012
EVALUATION One thing I'm not sure about. Yhe submitter said that the last worked version is 6u31. I think he should run into the same problems in 6u31. Need a confirm from the submitter.
05-06-2012