Hi,
after checking JIRA, I found this:
https://issues.apache.org/jira/browse/DIRMINA-272
Which was closed with the following note:
"It's not actually a bug. An SSLException can be sometimes thrown while
destroying the session if the connection was closed abnormally. You can
simply ignore that exception. That's why I logged that message in DEBUG
level."
So I can ignore this exception. But for me it still occurs on every call
to session.close(), not only sometimes.
Cheers,
András
[ Show » <https://issues.apache.org/jira/browse/DIRMINA-272> ]
Trustin Lee
<https://issues.apache.org/jira/secure/ViewProfile.jspa?name=trustin> -
10/Oct/06 06:29 PM It's not actually a bug. An SSLException can be
sometimes thrown while destroying the session if the connection was
closed abnormally. You can simply ignore that exception. That's why I
logged that message in DEBUG level.
Kerekes András wrote:
Hi,
did anybody encounter the problem described below using SSL?
Cheers,
András
Kerekes András wrote:
Hi,
I found an interesting issue when using SSL communication in Mina
1.1.5 (and 1.1.3) . I use a custom protocol with custom message
classes, one of them is LogoutMessage. When this is sent, it signals
the server that the client is finishing the communication. After
sending the LogoutMessage and receiving the corresponding response
the client closes the session with: ioSession.close().join()
And this throws an exception:
Unexpected exception from SSLEngine.closeInbound().
javax.net.ssl.SSLException: Inbound closed before receiving peer's
close_notify: possible truncation attack?
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.closeInbound(Unknown
Source)
at
org.apache.mina.filter.support.SSLHandler.destroy(SSLHandler.java:167)
at org.apache.mina.filter.SSLFilter.sessionClosed(SSLFilter.java:367)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextSessionClosed(AbstractIoFilterChain.java:269)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$800(AbstractIoFilterChain.java:53)
at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.sessionClosed(AbstractIoFilterChain.java:633)
at
org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:230)
at
org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:264)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown
Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
at java.lang.Thread.run(Unknown Source)
The server closes the connection normally. We made extensive
debugging and it seems the when the client closes the session and the
SSLFilter calls the initiateClosure method it sends the
close_notification to the server but does not receive the
confirmation from the server side. The same happens when the server
initiates the closing of the session after sending the
LogoutResponse, but this time the exception is thrown at the server
side.
The reason for this behavior seems to be that the IoSession is
removed in the SocketIoProcessor's worker thread at the doRemove()
call, and the execution hits the 'break;' line so the infinite loop
terminates and by the time the response (confirming the close
notification) from the other end of the communication arrives there
is no IoProcessor to process the message and let the SSLFilter close
the SSL session properly.
I've attached a small example which produces this issue.
Is it a bug or am I doing something wrong?
Thanks for the help!
Andras
