tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 62791] SecureNioChannel fails with "IllegalArgumentException: You can only read using the application read buffer provided by the handler."
Date Mon, 08 Oct 2018 16:04:16 GMT

--- Comment #7 from Mark Thomas <> ---
Looks like I missed something when looking at the OpenJDK code.

>From the Oracle JSSE docs:

Note: The SSL/TLS protocols specify that implementations are to produce packets
containing at most 16 kilobytes (KB) of plain text. However, some
implementations violate the specification and generate large records up to 32
KB. If the SSLEngine.unwrap() code detects large inbound packets, then the
buffer sizes returned by SSLSession will be updated dynamically. Applications
should always check the BUFFER_OVERFLOW and BUFFER_UNDERFLOW statuses and
enlarge the corresponding buffers if necessary. SunJSSE will always send
standard compliant 16 KB records and allow incoming 32 KB records. For a
workaround, see the System property jsse.SSLEngine.acceptLargeFragments in
Customizing JSSE.

If we removed the resizing then any spec non-complaint clients are going to
fail until Tomcat is restarted with the above system property set. On balance,
I think it is best to leave things as they are.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message