Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
4.4.11
-
None
Description
Hi, we recently are upgrading for our prod system to amazon latest jdk 11.
and found a issue.
The case is weird and hard to reproduce.
So here I try to describe it more clearly enough.
In summary, the case is: the method (not know why this is unformated even I copied into a text editor):
org.apache.http.nio.reactor.ssl.SSLIOSession#doHandshake
in this method, it implements:
// below code I added some metrics for help to diagnose. // you can ignore it private void doHandshake() throws SSLException { SSLMetrics.handshakeAll.incrementAndGet(); boolean handshaking = true; SSLEngineResult result = null; int handshakeNeedWrapTimes = 0; SocketAddress addr = null; boolean printed = false; try { while (handshaking) { SSLMetrics.handshakeAllInnerLoop.incrementAndGet(); switch (this.sslEngine.getHandshakeStatus()) { case NEED_WRAP: handshakeNeedWrapTimes ++; // Generate outgoing handshake data SSLMetrics.handshakeAllNeedWrap.incrementAndGet(); // Acquire buffer final ByteBuffer outEncryptedBuf = this.outEncrypted.acquire(); // some extra code to help diagnose if (!printed && handshakeNeedWrapTimes > PRINT_THRESHOLD) { try { addr = this.session.getRemoteAddress(); if (addr != null) { System.out.println("[sslmetricsprinter-handshake][" + addr + "][" + handshakeNeedWrapTimes + "]"); } } catch (Exception e) {} printed = true; } // Just wrap an empty buffer because there is no data to write. result = doWrap(ByteBuffer.allocate(0), outEncryptedBuf); if (result.getStatus() != Status.OK) { handshaking = false; } break; case NEED_UNWRAP: // other cases ignored... } }
our metrics show the need_wrap count is increased 3000 times of jdk8 runtime.
and I checked the version 5. found this is changed.
Bug fix: corrected handling of NEED_WRAP handshake status during graceful SSL session termination !image-2019-07-18-09-52-10-100.png!
it's on tag: 0088ef6
So I have below questions:
- Can you guys fix this on the version 4.4?
- if not, is it safe for us to merge this two snippets code back to http manually? but it has two snippets one in the while loop and one in the updateEventMask method. do we need to back port whether two methods or only while loop code?
