Databases
StackOverflow2013
Postsdbo
POjavax.net.ssl, https clients and close_notify
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POjavax.net.ssl, https clients and close_notify
    primarykey
    data
    text
    <p>Simple Netty implementation of https server utilizing javax.net.ssl, with a self-signed certificate. Server is up, and then a request is made using <a href="https://chrome.google.com/webstore/detail/dev-http-client/aejoelaoggembcahagimdiliamlcdmfm?hl=en" rel="nofollow">DHC by Restlet</a>. On the server side I get:</p> <blockquote> <p>io.netty.handler.ssl.SslHandler setHandshakeFailure <strong>WARNING: SSLEngine.closeInbound() raised an exception due to closed connection. javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?</strong> at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) at sun.security.ssl.SSLEngineImpl.closeInbound(Unknown Source) at io.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:905) at io.netty.handler.ssl.SslHandler.channelInactive(SslHandler.java:576) at io.netty.channel.DefaultChannelHandlerContext.invokeChannelInactive(DefaultChannelHandlerContext.java:819) at io.netty.channel.DefaultChannelHandlerContext.access$1300(DefaultChannelHandlerContext.java:38) at io.netty.channel.DefaultChannelHandlerContext$5.run(DefaultChannelHandlerContext.java:808) at io.netty.channel.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:259) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:305) at io.netty.channel.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:110) at java.lang.Thread.run(Unknown Source)</p> </blockquote> <p>And on the client side:</p> <blockquote> <p>No response. Is the certificate valid? Click here to check.</p> </blockquote> <p>Issuing the same request at Chrome's address bar, the same server-side exception. Issuing the same at Firefox's address bar, the same exception while Firefox is displaying its warning page about the certificate not being from a trusted CA. <em>This exception seems very generic and not directly indicating what the state of the protocol is</em>. Does it mean these 3 clients (Chrome, Firefox, <a href="https://chrome.google.com/webstore/detail/dev-http-client/aejoelaoggembcahagimdiliamlcdmfm?hl=en" rel="nofollow">DHC by Restlet</a>), are not playing the protocol nicely and just disappearing on the server rather than sending a close_notify? or is that a client-side behavior mandated by SSL RFC's or just a security oriented client-side design?</p>
    singulars
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PTQuestion
    1. USfilip26
    1. USmatanster
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POjavax.net.ssl, https clients and close_notify
      1. USBruno
      1. VTFavorite
    2. VO
      singulars
      1. POjavax.net.ssl, https clients and close_notify
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. POjavax.net.ssl, https clients and close_notify
      1. This table or related slice is empty.
      1. VTUpMod
    1. COSeems all clients I tried just skip sending a close_notify. Perhaps it's good for the client to just drop out immediately, though leaving the server a bit puzzled as to what may be the detailed reason...
      singulars
      1. POjavax.net.ssl, https clients and close_notify
      1. USmatanster
    2. COHi Matt. I am making https request from Dev HTTP Client and having the same situation on the client side. How did you manage it?
      singulars
      1. POjavax.net.ssl, https clients and close_notify
      1. USAntonio Acevedo
    3. CO@AntonioAcevedo, it seems that common clients behave in the following manner when connecting to an untrusted certificate - they close the connection and prompt the user. So all the server sees is the client disappearing on them, but the client doesn't notify the server about its reason. This makes sense security-wise from the client perspective (dispensing least amount of information upon a security issue to a 2nd party is a good practice). So this situation doesn't require 'solving' but only accepting it as a given.
      singulars
      1. POjavax.net.ssl, https clients and close_notify
      1. USmatanster
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload