
Does accept() return before TLS handshake is done in Java?

I'm using Java's SSL library to secure the connections between my applications. And I noted that SSLServerSocket.accept() returns a socket even if the handshake fails.

  • Does that mean that SSLServerSocket.accept() won't wait until the initial handshake is done? and
  • If it does not, how can I wait for the handshake to be done and detect clients with failed handshake? Or can I simply start operating on the new SSLSocket and the handshake will be completed automatically before the actual operation?

Also, does writing to and reading from SSLSockets that are currently (re)handshaking block until the current handshake is done? And if not, is it secure to operate on handshaking sockets? Will handshake and application data be sent parallel and not affecting each other?

accept() does not initiate a handshake, it merely returns the accepted socket. The handshake is initiated when you start performing I/O on the accepted socket. This is documented behavior:

http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSocket.html

The initial handshake on this connection can be initiated in one of three ways:

  • calling startHandshake which explicitly begins handshakes, or
  • any attempt to read or write application data on this socket causes an implicit handshake, or
  • a call to getSession tries to set up a session if there is no currently valid session, and an implicit handshake is done.

If handshaking fails for any reason, the SSLSocket is closed, and no further communications can be done.

...

When SSLSockets are first created, no handshaking is done so that applications may first set their communication preferences: what cipher suites to use, whether the socket should be in client or server mode, etc. However, security is always provided by the time that application data is sent over the connection.

As for handshake renegotiation, this is also documented:

http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSocket.html#startHandshake()

If data has already been sent on the connection, it continues to flow during this handshake. When the handshake completes, this will be signaled with an event. This method is synchronous for the initial handshake on a connection and returns when the negotiated handshake is complete. Some protocols may not support multiple handshakes on an existing socket and may throw an IOException.
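The practical consequence of the quoted documentation is that the place to detect a failed handshake is an explicit startHandshake() call made right after accept() and before any application I/O. The following server is an added example illustrating that pattern; it is not code from the original question or answer. It assumes a PKCS12 keystore at server.p12 with password changeit holding the server's key and certificate, and a listening port of 8443; those values are placeholders for illustration.

```java
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;

public class HandshakeFirstServer {

    // Assumed for this example: a PKCS12 keystore with the server key and certificate.
    private static final String KEYSTORE_PATH = "server.p12";
    private static final char[] KEYSTORE_PASSWORD = "changeit".toCharArray();
    private static final int PORT = 8443; // assumed port

    public static void main(String[] args) throws Exception {
        SSLContext ctx = buildServerContext();
        try (SSLServerSocket server =
                     (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(PORT)) {
            // Preferences must be set before the first handshake; after it they no longer apply.
            server.setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
            while (true) {
                // accept() returns as soon as the TCP connection exists; no TLS has happened yet.
                SSLSocket client = (SSLSocket) server.accept();
                handle(client);
            }
        }
    }

    static SSLContext buildServerContext() throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(KEYSTORE_PATH)) {
            ks.load(in, KEYSTORE_PASSWORD);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, KEYSTORE_PASSWORD);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    static void handle(SSLSocket client) {
        // The completion event the Javadoc mentions: fires once the handshake has finished.
        client.addHandshakeCompletedListener(ev ->
                System.out.println("handshake done: " + ev.getSession().getProtocol()
                        + " " + ev.getCipherSuite()));
        try {
            // A silent peer must not hold this thread forever; SO_TIMEOUT applies to handshake reads too.
            client.setSoTimeout(5000);
            // Blocks until the initial handshake completes, or throws if it fails.
            client.startHandshake();
        } catch (SSLHandshakeException e) {
            // JSSE has already closed the socket; nothing further can be sent on it.
            System.err.println("handshake failed from " + client.getRemoteSocketAddress()
                    + ": " + e.getMessage());
            closeQuietly(client);
            return;
        } catch (IOException e) {
            System.err.println("I/O error before handshake completed: " + e);
            closeQuietly(client);
            return;
        }
        // Only from here on is the channel negotiated; application data is safe to exchange.
        try (SSLSocket c = client;
             InputStream in = c.getInputStream();
             OutputStream out = c.getOutputStream()) {
            byte[] buf = new byte[1024];
            int n = in.read(buf);
            if (n > 0) {
                String msg = new String(buf, 0, n, StandardCharsets.UTF_8);
                out.write(("echo: " + msg).getBytes(StandardCharsets.UTF_8));
                out.flush();
            }
        } catch (IOException e) {
            System.err.println("application I/O error: " + e);
        }
    }

    static void closeQuietly(SSLSocket s) {
        try { s.close(); } catch (IOException ignored) { }
    }
}
```

Calling startHandshake() yourself turns the implicit, lazily triggered handshake into a checkpoint: a peer that presents a bad certificate or no acceptable cipher suite is rejected before any application code runs, and the failure is logged with the remote address rather than surfacing later as an exception from an unrelated read or write. The socket timeout matters because a client that connects and then sends nothing would otherwise block the handshake indefinitely.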
