tomcat-dev mailing list archives

From Rémy Maucherat <r...@apache.org>
Subject Re: svn commit: r1727992 - in /tomcat/trunk: java/org/apache/tomcat/util/net/SecureNioChannel.java webapps/docs/changelog.xml
Date Tue, 02 Feb 2016 10:32:21 GMT
2016-02-02 10:46 GMT+01:00 Mark Thomas <markt@apache.org>:

> > And the fields from Record are static (obviously) and final. The value
> > returned thus shouldn't be able to change.
>
> But acceptLargeFragments can change via a call to
> SSLSessionImpl.expandBufferSizes().
>
> Correct, thanks, the code has the full explanation actually.

acceptLargeFragments could default to true, which will then cause
getApplicationBufferSize to have the compatible, non-compliant value:
    /**
     * Use large packet sizes now or follow RFC 2246 packet sizes (2^14)
     * until changed.
     *
     * In the TLS specification (section 6.2.1, RFC2246), it is not
     * recommended that the plaintext has more than 2^14 bytes.
     * However, some TLS implementations violate the specification.
     * This is a workaround for interoperability with these stacks.
     *
     * Application could accept large fragments up to 2^15 bytes by
     * setting the system property jsse.SSLEngine.acceptLargeFragments
     * to "true".
     */
    private boolean acceptLargeFragments =
        Debug.getBooleanProperty("jsse.SSLEngine.acceptLargeFragments",
            false);

I don't plan to port the fix to NIO2 at the moment, since it is a
compatibility flag that can be adjusted by users and it would remove my
buffer flexibility :(

Rémy
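
Added example, not part of the original message and not Tomcat's code: one way for an SSLEngine caller to cope with an application buffer size that changes at runtime is to re-query the session on every BUFFER_OVERFLOW instead of caching the size at setup. The class GrowingUnwrap, its Outcome type and its method names are hypothetical; it assumes netIn is readable TLS data and appBuf is in write mode.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.Status;
import javax.net.ssl.SSLException;

// Added example: GrowingUnwrap and its members are hypothetical names, not Tomcat code.
public final class GrowingUnwrap {

    /** Result of one unwrap plus the application buffer, which may have been replaced. */
    public static final class Outcome {
        public final ByteBuffer appBuf;
        public final SSLEngineResult result;
        Outcome(ByteBuffer appBuf, SSLEngineResult result) {
            this.appBuf = appBuf;
            this.result = result;
        }
    }

    /** netIn is readable TLS data; appBuf is in write mode (position = plaintext held). */
    public static Outcome unwrap(SSLEngine engine, ByteBuffer netIn, ByteBuffer appBuf)
            throws SSLException {
        while (true) {
            SSLEngineResult r = engine.unwrap(netIn, appBuf);
            if (r.getStatus() != Status.BUFFER_OVERFLOW) {
                return new Outcome(appBuf, r);
            }
            // Ask the session again on every overflow; never reuse a size cached at setup.
            int needed = engine.getSession().getApplicationBufferSize();
            if (needed > appBuf.capacity()) {
                ByteBuffer bigger = ByteBuffer.allocate(needed);
                appBuf.flip();          // switch to read mode to copy pending plaintext
                bigger.put(appBuf);     // bigger stays in write mode
                appBuf = bigger;
            } else if (appBuf.position() > 0) {
                return new Outcome(appBuf, r); // large enough, but caller must drain first
            } else {
                throw new SSLException("BUFFER_OVERFLOW on empty buffer of advertised size");
            }
        }
    }

    // Prints the pre-handshake size; run with and without
    // -Djsse.SSLEngine.acceptLargeFragments=true to compare.
    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        System.out.println(engine.getSession().getApplicationBufferSize());
    }
}
```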
