[openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

Stephen Henson via RT rt at openssl.org
Wed Feb 18 22:49:39 UTC 2015


On Wed Feb 18 21:12:09 2015, laurenz.albe at wien.gv.at wrote:
> I ran into this problem while connecting to a PostgreSQL server
> (PostgreSQL uses OpenSSL for SSL support) with a Java client using
> the PostgreSQL JDBC driver (which uses the Java Secure Socket
> Extension which is part of Oracle's Java Runtime Environment).
> Since database connections are potentially long-lived, the PostgreSQL
> server will trigger a renegotiation after a certain amount of data
> has been exchanged via the TLS channel; this amount is configurable
> with the parameter "ssl_renegotiation_limit".
>
> This renegotiation is always aborted by OpenSSL with the error
> "unexpected record".
> I could reproduce the problem with OpenSSL 1.0.1e on Linux and
> OpenSSL 1.0.1j on Windows using Oracle JRE 1.7.0_71 and 1.7.0_75
> on the client side.
> The protocol version in effect is TLS 1.2 (0x303).
>

There were some fixes related to renegotiation handling in OpenSSL which first
appeared in 1.0.1k. Can you see if this problem still happens in the latest
version of OpenSSL?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


