Uploaded image for project: 'MINA'
  1. MINA
  2. DIRMINA-891

SSLHandler throws SSLException during handshake that sequence number triggers

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.0.3
    • Fix Version/s: 2.0.8
    • Component/s: Core
    • Labels:
      None

      Description

      During second re-handshake that triggered to avoid sequence number overlap by SSLEngine, SSLEngine's unwrap method may return SSLEngineResult with BUFFER_OVERFLOW status and NEED_WRAP handshake status.

      In this case checkStatus method of SSLHandler will throw SSLException.

      1. sun.security.ssl.zip
        20 kB
        Ali
      2. MINARehandshake.zip
        600 kB
        Ali
      3. jsse.jar
        565 kB
        Ali

        Activity

        Hide
        elecharny Emmanuel Lecharny added a comment -

        I do think there is some potential issue in this area... The way the SSLEngine works is, frankly, stupid... You have to allocate the biggest possible buffer, just in case.

        Can you provide a small test case that can help us to debug the issue, and find the best possible fix ?

        Many thanks !

        Show
        elecharny Emmanuel Lecharny added a comment - I do think there is some potential issue in this area... The way the SSLEngine works is, frankly, stupid... You have to allocate the biggest possible buffer, just in case. Can you provide a small test case that can help us to debug the issue, and find the best possible fix ? Many thanks !
        Hide
        akdeniz Ali added a comment -

        I added simple MINA server and client project. But in order to reproduce error, some modifications is needed in jsse.jar of JDK.

        • Rehandshake trigger of sequence number decreased to 0xf00 (not to wait!)
        • Also two bugs those I reported to Oracle are resolved.

        Modified jsse.jar and edited classes are added as attachment.

        And here is java version that i used:

        java version "1.7.0_02"
        Java(TM) SE Runtime Environment (build 1.7.0_02-b13)
        Java HotSpot(TM) Client VM (build 22.0-b10, mixed mode)

        Show
        akdeniz Ali added a comment - I added simple MINA server and client project. But in order to reproduce error, some modifications is needed in jsse.jar of JDK. Rehandshake trigger of sequence number decreased to 0xf00 (not to wait!) Also two bugs those I reported to Oracle are resolved. Modified jsse.jar and edited classes are added as attachment. And here is java version that i used: java version "1.7.0_02" Java(TM) SE Runtime Environment (build 1.7.0_02-b13) Java HotSpot(TM) Client VM (build 22.0-b10, mixed mode)
        Hide
        elecharny Emmanuel Lecharny added a comment -

        I'll give it a try tomorrow morning. 2:37am, too late for my brain to provide any good direction

        Show
        elecharny Emmanuel Lecharny added a comment - I'll give it a try tomorrow morning. 2:37am, too late for my brain to provide any good direction

          People

          • Assignee:
            Unassigned
            Reporter:
            akdeniz Ali
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:

              Development