JDK-8306089 : Release Note: Behavior changes for SSLSocket input stream shut down
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 8u291,11.0.11-oracle,17
  • Priority: P4
  • Status: Resolved
  • Resolution: Delivered
  • Submitted: 2023-04-17
  • Updated: 2023-04-20
  • Resolved: 2023-04-20
JDK 17
17 Resolved
Description
The SunJSSE close notification checks for `SSLSocket` have been made less strict to conform to changes in the Transport Layer Security (TLS) RFCs.

If an application tries to close the input stream of an `SSLSocket` (via the `shutdownInput()` method) without having received a close notification message from its peer, the `SSLSocket` will no longer:

1.  trigger the transmission of a TLS fatal-level alert to the peer, and
2.  invalidate the current TLS session.

The new behavior will still consider this condition an error and will throw a local `javax.net.ssl.SSLException`. A fatal-level alert will no longer be sent to the peer, and the underlying session will remain valid.

In addition, the internal transport context for the `SSLSocket` will also now be closed. Previously, this step didn't occur if a fatal message was generated.
Comments
I would encourage including the opening paragraph, which mentions that it's the SunJSSE impl (not SSLSocket), and why this change was made. The SunJSSE close notification checks for `SSLSocket` have been made less strict to conform to changes in the Transport Layer Security (TLS) RFCs.
19-04-2023