[Date Prev][Date Next]
RE: Session Resumption problems with JSSE-OpenLDAP
Analysis from Sun:
Synopsis: Session Resumption Hangs against OpenLdap with OpenSSL
The Evaluation section says:
Closing as a duplicate of 4529751. Although that bug is about JNDI and
not JLDAP, it is essentially the same problem.
Synopsis: JNDI using TLS or SSL hangs on multiple connections
There are some known problems with how directory servers handle
a SSL/TLS close.
For Windows Active Directory 2000, there is a bug in the server
that doesn't handle reusing a session. See 4414143. This is fixed
in Windows Active Directory XP, scheduled for release in Q1 2002.
i-Planet Directory 5.0 ignores the Start TLS close. Just hangs. SSL
close didn't seem to be a problem, but maybe that's just coincidental.
The table below lists the TLS/SSL close behavior with directory servers
when multiple connections (50) were made one after another.
The client was run using JDK1.4 FCS.
As the table suggests SSL close behaves just fine.
The startTLS (tls.close() not called) coloumn lists the behavior when
a new context is used for subsequent connections.
startTLSResponse.close() is not called in this case.
The startTLS (tls.close() called) coloumn lists the behavior when
startTLSResponse.close() is explicitly called, and a new
StartTLSResponse is created using the same context for subsequent
The Failure reason section of the table below indicates that failures
are due to improper handling of StartTLSResponse.close() by the
server-side implementation. The client-side is handling of TLS close()
Server startTLS startTLS SSL Failure reason
called) not called)
Active OK OK OK
directory 5.0 FAIL OK OK The server ignores
and hangs, while the
client waits for
the server to respond.
directory 5.1 FAIL OK OK Same as above
2.0.11 FAIL OK OK The server closes the
tcp connection when