JDK-8241372 : Several test failures due to javax.net.ssl.SSLException: Connection reset
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 11,15,17
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2020-03-20
  • Updated: 2024-04-15
  • Resolved: 2021-02-16
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 16 JDK 17 JDK 7 JDK 8
11.0.12-oracleFixed 16.0.1Fixed 17 b10Fixed 7u311Fixed 8u301Fixed
Related Reports
Duplicate :  
JDK-8240233 - SSLSocketImpl/SSLSocketBruceForceClose.java failed due to "SSLException: readHandshakeRecord"
Duplicate :  
JDK-8241368 - SSLSession/TestEnabledProtocols.java failed due to SSLException: Connection reset
Duplicate :  
JDK-8240833 - SSLSocketImpl/ReverseNameLookup.java failed due to "SSLException: Connection reset"
Duplicate :  
JDK-8234098 - CipherSuite/SupportedGroups.java failed due to "Client died: javax.net.ssl.SSLException: Connection reset"
Duplicate :  
JDK-8229383 - javax/net/ssl/TLSCommon/TLSTest.java failed due to "SSLException: Connection reset"
Relates :  
JDK-8330278 - Have SSLSocketTemplate.doClientSide use loopback address
Relates :  
JDK-8230858 - Replace wildcard address with loopback or local host in tests - part 23
Description
We have several intermittent test failures in CI due to javax.net.ssl.SSLException: Connection reset. This is the master bug to collectively address those.

Failure seen so far for:
javax/net/ssl/SSLSession/TestEnabledProtocols.java
sun/security/ssl/SSLSocketImpl/ReverseNameLookup.java
javax/net/ssl/TLSCommon/TLSTest.java
sun/security/ssl/CipherSuite/SupportedGroups.java
Comments
Today I observed a similar exception on macOS aarch64 in javax/net/ssl/TLSCommon/TLSWithEdDSA.java (jdk21 test) : ===== EdDSA Client Authentication: TLSv1.3 ===== Client died: java.net.SocketException: Connection reset java.net.SocketException: Connection reset at java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:313) at java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:340) at java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:789) at java.base/java.net.Socket$SocketInputStream.read(Socket.java:1025) at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:483) at java.base/sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:477) at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:160) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455) at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:922) at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1291) at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1263) at TLSWithEdDSA.runClientApplication(TLSWithEdDSA.java:549) at SSLSocketTemplate.doClientSide(SSLSocketTemplate.java:359) at SSLSocketTemplate$2.run(SSLSocketTemplate.java:606) Is there maybe some need of adjustment in this test as well ? And while looking at it, src/java.base/share/classes/sun/nio/ch/NioSocketImpl.java 311 } catch (ConnectionResetException e) { 312 connectionReset = true; 313 throw new SocketException("Connection reset"); Shouldn't we add the cause to the SocketException("Connection reset") to get a more detailled picture of the exception?
30-12-2022
Fix Request (11u) Should get backported for parity with 11.0.12-oracle. Applies cleanly, but requires adaptation. Review thread: http://mail.openjdk.java.net/pipermail/jdk-updates-dev/2021-March/005349.html
17-03-2021
Fix Request Please approve this fix for 16u. This is a test fix only, and helps improve test stabilization. The patch applies cleanly, and the test passes.
02-03-2021
Changeset: 0a50688d Author: Fernando Guallini <fguallini@openjdk.org> Committer: Rajan Halade <rhalade@openjdk.org> Date: 2021-02-16 18:54:39 +0000 URL: https://git.openjdk.java.net/jdk/commit/0a50688d
16-02-2021
[~akolarkunnu] Sure, let's keep track of that test failure in https://bugs.openjdk.java.net/browse/JDK-8240233 since the cause is not quite the same as the other tests mentioned in this bug, a different fix may need to be applied.
10-02-2021
The server side is binding to the wildcard address, that has been a source of instability in many networking bugs. See https://bugs.openjdk.java.net/browse/JDK-8230858 Same fix will be applied to the following 4 occasionally failing tests: - javax/net/ssl/SSLSession/TestEnabledProtocols.java - sun/security/ssl/SSLSocketImpl/ReverseNameLookup.java - javax/net/ssl/TLSCommon/TLSTest.java - sun/security/ssl/CipherSuite/SupportedGroups.java SSLSocketImpl/SSLSocketBruceForceClose.java exception reported in this bug was not the same as others, it is a different error and cannot be reproduced anymore (tested more than 1000 times, 100% pass rate). No need to make any change for that test at this time.
01-02-2021
Here's a snippet from the log file for the jdk-17+8-467-tier2 sighting: javax/net/ssl/SSLSession/TestEnabledProtocols.java === Starting new test run === Enabled protocols on the server are: [SSLv3] Enabled protocols on the client are: [SSLv3, SSLv2Hello] Server SSLHandshakeException: javax.net.ssl.SSLHandshakeException: SSLv2Hello is not enabled at java.base/sun.security.ssl.SSLSocketInputRecord.handleUnknownRecord(SSLSocketInputRecord.java:381) at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:175) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:110) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1489) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1403) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411) at TestEnabledProtocols.runServerApplication(TestEnabledProtocols.java:76) at SSLSocketTemplate.doServerSide(SSLSocketTemplate.java:280) at SSLSocketTemplate.startServer(SSLSocketTemplate.java:584) at SSLSocketTemplate.bootup(SSLSocketTemplate.java:498) at SSLSocketTemplate.run(SSLSocketTemplate.java:83) at TestEnabledProtocols.runCase(TestEnabledProtocols.java:275) at TestEnabledProtocols.main(TestEnabledProtocols.java:236) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127) at java.base/java.lang.Thread.run(Thread.java:831) Client got UNEXPECTED Exception: javax.net.ssl.SSLException: Connection reset at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:127) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:369) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:144) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1489) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1403) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411) at TestEnabledProtocols.runClientApplication(TestEnabledProtocols.java:108) at SSLSocketTemplate.doClientSide(SSLSocketTemplate.java:359) at SSLSocketTemplate$2.run(SSLSocketTemplate.java:598) Suppressed: java.net.SocketException: Connection reset by peer at java.base/sun.nio.ch.NioSocketImpl.implWrite(NioSocketImpl.java:420) at java.base/sun.nio.ch.NioSocketImpl.write(NioSocketImpl.java:440) at java.base/sun.nio.ch.NioSocketImpl$2.write(NioSocketImpl.java:826) at java.base/java.net.Socket$SocketOutputStream.write(Socket.java:1045) at java.base/sun.security.ssl.SSLSocketOutputRecord.encodeAlert(SSLSocketOutputRecord.java:81) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:400) ... 10 more Caused by: java.net.SocketException: Connection reset at java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:323) at java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:350) at java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:803) at java.base/java.net.Socket$SocketInputStream.read(Socket.java:976) at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:478) at java.base/sun.security.ssl.SSLSocketInputRecord.readFully(SSLSocketInputRecord.java:461) at java.base/sun.security.ssl.SSLSocketInputRecord.decodeInputRecord(SSLSocketInputRecord.java:243) at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:181) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:110) ... 7 more ** FAILURE **
28-01-2021
Could not reproduce these failures. Tests were executed hundred of times with 100% pass rate to check this particular issue, in addition they did not fail in last 4 SBR runs either. It may have been caused by environmental issues back in 2020-03 when most of the failures were seen.
16-11-2020
Adding a reference bug JDK-8236498 to see if it is possible that these are related.
20-03-2020