[SERVER-11612] Java driver problems with SSL session caching Created: 06/Nov/13  Updated: 06/Feb/15  Resolved: 07/Mar/14

Status: Closed
Project: Core Server
Component/s: Networking, Security
Affects Version/s: 2.4.7
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Andreas Nilsson Assignee: Andreas Nilsson
Resolution: Won't Fix Votes: 2
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-10261 Disable SSL session caching on server... Closed
related to SERVER-17022 No SSL Session Caching may not be res... Closed
Operating System: ALL
Participants:

 Description   

This problem still persists in 2.4.7, the fix from SERVER-10261 was not solve the entire issue.

It's possible to generate SSL handshake errors with a trivial Java program: https://gist.github.com/anonymous/a2c4a8ac8f9e38e22edf. This program loops indefinitely, opening a new SSL socket on each iteration and sending a single write (which initiates the handshake).

It eventually generates this exception: http://cl.ly/image/0A2a0j0L0S1i. Note that the alert descriptions are not consistent, suggesting some sort of corruption.

The number of iterations before an error is not consistent, and it doesn't occur if SSL debugging is enabled in the client.

See linked ticket SERVER-10261



 Comments   
Comment by Andreas Nilsson [ 07/Mar/14 ]

As far as I can tell this seems to stem from miscommunication between the Java SSL stack and OpenSSL.

Generated at Thu Feb 08 03:26:17 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.