JDK-8212136 : Remove finalizer implementation in SSLSocketImpl
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2018-10-12
  • Updated: 2022-05-12
  • Resolved: 2022-05-09
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 19
19 b22Fixed
Related Reports
CSR :  
JDK-8286064 - Remove finalizer implementation in SSLSocketImpl
Relates :  
JDK-8253568 - Replace and mitigate Object.finalize() uses in JDK libraries
Relates :  
JDK-8274609 - JEP 421: Deprecate Finalization for Removal
Sub Tasks
JDK-8286065 :  
Release Note: Remove finalizer implementation in SSLSocketImpl - Resolved
Description
Object.Finalize has been deprecated and uses of finalize should be converted to use java.lang.ref.Cleaner.

The finalize method should be removed. 
Note that sockets that become unreferenced are closed by the Cleaner on the FileDescriptor.
Comments
Changeset: 034f20fe Author: Xue-Lei Andrew Fan <xuelei@openjdk.org> Date: 2022-05-09 14:15:18 +0000 URL: https://git.openjdk.java.net/jdk/commit/034f20fe86babb63bf178251a732ac004297cc2d
09-05-2022
The Socket implementation will take care of the file description/native memory release. The major purpose of the finalize() implementation is about sending the TLS close notify message. The finalize() implementation calls the close() method. If the socket is layered over a preexisting socket, the preexisting socket is closed by calling it close() method: self.close(); Otherwise, the SSLSocket.close() method will be called: super.close(); See the BaseSSLSocketImpl.close() method: @Override public void close() throws IOException { if (self == this) { super.close(); } else { self.close(); } } For layered over socket case, if the preexisting socket is not an SSLSocket object(which is the common case), no close_notify will be sent off course. If the preexisting socket is an SSLSocket object (which may be not common), the SSLSocketImpl.close() will be called and the close_notify could be sent. For non-layered over sockets, as super.close() is called, there is no close_notify delivered during the finalizing. Based on the cases above, the close_notify delivery may be not an expected behavior during finalization in practice. I would like to remove the finalize() method without adding a cleaner. Daniel Jelinski: IMO we should not send close_notify in the finalizer. It's the application's responsibility to send close_notify when it's done with the socket; we should not pretend that it was closed normally when it was not. Daniel Fuchs: An application should really close its sockets and not let them get garbage collected without closing them: this is sloppy. So brutally closing the underlying TCP connection in that case should be an acceptable behaviour, and that would be achieved by just removing the finalize.
02-05-2022
There is additional discussion taking place in the PR.
21-04-2022
A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk/pull/8065 Date: 2022-03-31 20:15:35 +0000
31-03-2022
The SunJSSE.finalizer had been removed.
31-03-2022