Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
…9148) * stream: run TlsSpec for TLSv1.3 on jdk >= 11 Session renegotiation tests are disabled because TLS 1.3 does not support renegotiation any more. (cherry picked from commit e524a0d) I mostly copied over the newest version of TlsSpec from master without doing a proper conflict resolution that does mimimal things. Hopefully, we have only picked up some more recent fixes and not some unwanted stuff. * stream: fix half-closed TLS connection spin-loop Refs #29110 TLSActor could get caught in a spin-loop on connection termination because there was an implicit assumption that when inbound is closed (peer has sent `close_notify`), this SSLEngine would also automatically send a `close_notify` and close the connection. Therefore, it would stay in `flushOutbound` pumping in a loop. This is not true anymore with TLS 1.3, more accurately it can be configured using `-Djdk.tls.acknowledgeCloseNotify` which is `false` by default leading to half-open connections. The solution is to not support half-open TLS connections for now and consider a connection closed as soon as `isInboundClosed` and there's no outstanding data. (To support half-open connections, this fix would have to be reverted and `flushOutbound` fixed accordingly.) (cherry picked from commit 9beb88f) * stream: avoid getting stuck when doUnwrap returns NEED_WRAP with outstanding data Refs #29111 This seems only to happen with TLS 1.3. In that case, remaining data in `transportInBuffer` was left there instead of putting it back onto the chopping block. Then `doWrap` was run but `doUnwrap` was never called again because only the chopping block was checked for outstanding data but not the buffer. (cherry picked from commit 87c5844)
- Loading branch information