Reported in OpenJDK, http://mail.openjdk.java.net/pipermail/security-dev/2018-July/017571.html:
-------------------------------------
I would like to report also the weird behavior during the close handshake (i.e. when one side decides to close the connection).
1. client.closeOutbound() then goes into NEED_WRAP.
2. Client wraps 24 bytes, result is CLOSED, then goes into NOT_HANDSHAKING (?)
3. Server unwraps 24 bytes, result is CLOSED, then goes into NEED_WRAP.
4. Server wraps 24 bytes, result is CLOSED, then goes into NOT_HANDSHAKING.
5. Client unwraps 0 bytes (?)
I think at step 2 the client should go into NEED_UNWRAP to read (at step 5) the server response to the close_notify.
Instead, at step 5 the client unwraps 0 bytes so we are left with those 24 bytes from the server that applications need to discard.
Also, I am not sure that the wrap result at step 2 and 3 should be CLOSED, perhaps OK is better?
The server is actually closed at step 4, and the client at step 5. However, this is a minor issue.
-------------------------------
If the peer sends the close_notify, the unwrap() should be able to consume the bytes (#5 above). The NEED_WRAP handshake status after the CLOSED status does not sound right either.
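
An added example, not part of the original report or of OpenJDK: one way for an application to drive the close sequence in steps 1 to 5 without depending on the handshake status the report questions, judging progress by isOutboundDone()/isInboundDone() and by bytes moved, and discarding ciphertext the engine does not consume. The names TlsClose and closeGracefully are hypothetical, and the code assumes a blocking SocketChannel with the handshake already complete.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.Status;

// Added example; TlsClose and closeGracefully are hypothetical names.
public final class TlsClose {
    // Sends our close_notify, then drains the peer's. Progress is judged by
    // isOutboundDone()/isInboundDone() and bytes moved, not by getHandshakeStatus().
    // Assumes a blocking SocketChannel; netIn holds unread ciphertext in write mode.
    // Blocks until the peer's close_notify or EOF arrives.
    // Returns true only if the peer's close_notify was consumed by the engine.
    public static boolean closeGracefully(SSLEngine engine, SocketChannel ch, ByteBuffer netIn)
            throws IOException {
        ByteBuffer empty = ByteBuffer.allocate(0);
        ByteBuffer netOut = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        ByteBuffer appIn = ByteBuffer.allocate(engine.getSession().getApplicationBufferSize());

        engine.closeOutbound();                               // step 1 of the report
        while (!engine.isOutboundDone()) {
            netOut.clear();
            SSLEngineResult r = engine.wrap(empty, netOut);   // step 2: emits close_notify
            netOut.flip();
            while (netOut.hasRemaining()) ch.write(netOut);
            if (r.bytesProduced() == 0) break;                // no progress: do not spin
        }

        while (!engine.isInboundDone()) {
            netIn.flip();
            SSLEngineResult r = engine.unwrap(netIn, appIn);  // step 5: peer's close_notify
            netIn.compact();
            appIn.clear();                                    // late application data is dropped
            if (r.getStatus() == Status.BUFFER_UNDERFLOW) {
                if (ch.read(netIn) < 0) break;                // EOF before close_notify: treat as truncation
            } else if (r.getStatus() == Status.CLOSED || r.bytesConsumed() == 0) {
                break;                                        // closed, or the 0-byte unwrap from the report
            }
        }
        netIn.clear();                                        // discard ciphertext the engine would not consume
        return engine.isInboundDone();
    }
}
```

A false return means the connection ended without the engine consuming a close_notify, so the caller should not treat the received data stream as cleanly terminated.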