-
Type:
Bug
-
Status: Resolved (View Workflow)
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: 1.4.18.Final
-
Fix Version/s: 2.0.0.Beta1, 1.4.19.Final
-
Component/s: SSL
-
Labels:None
-
Environment:
undertow 1.4.18.Final
xnio 3.4.6.Final
J8u144
Ubuntu 14.04 x64
io.undertow.protocols.ssl.SslConduit.doUnwrap(ByteBuffer[], int, int) tries to close itself if an exception occurs and then rethrows the original exception. close itself throws if the TLS negotiation failed as in issue 1155, hiding the original exception.
Close exception:
[TRACE] [jb:io.undertow.request.io]: Exception closing read side of SSL channel
|
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
|
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
|
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
|
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
|
at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561)
|
at io.undertow.protocols.ssl.ALPNHackSSLEngine.closeInbound(ALPNHackSSLEngine.java:279)
|
at io.undertow.server.protocol.http.ALPNLimitingSSLEngine.closeInbound(ALPNLimitingSSLEngine.java:161)
|
at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:612)
|
at io.undertow.protocols.ssl.SslConduit.closed(SslConduit.java:986)
|
at io.undertow.protocols.ssl.SslConduit.close(SslConduit.java:1081)
|
at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:802)
|
at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:648)
|
at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63)
|
at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java:1048)
|
at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:592)
|
at org.xnio.nio.WorkerThread.run(WorkerThread.java:472)
|