[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Session Resumption problems with JSSE-OpenLDAP

Analysis from Sun:

BugId: 4626636    
Synopsis: Session Resumption Hangs against OpenLdap with OpenSSL

The Evaluation section says: 
Closing as a duplicate of 4529751. Although that bug is about JNDI and 
not JLDAP, it is essentially the same problem.

BugId: 4529751
Synopsis: JNDI using TLS or SSL hangs on multiple connections

There are some known problems with how directory servers handle 
a SSL/TLS close.

For Windows Active Directory 2000, there is a bug in the server
that doesn't handle reusing a session. See 4414143. This is fixed
in Windows Active Directory XP, scheduled for release in Q1 2002.

i-Planet Directory 5.0 ignores the Start TLS close. Just hangs.  SSL
close didn't seem to be a problem, but maybe that's just coincidental.
The table below lists the TLS/SSL close behavior with directory servers
when multiple connections (50) were made one after another.

The client was run using JDK1.4 FCS.

As the table suggests SSL close behaves just fine.

The startTLS (tls.close() not called) coloumn lists the behavior when
a new context is used for subsequent connections.
startTLSResponse.close() is not called in this case.

The startTLS (tls.close() called) coloumn lists the behavior when
startTLSResponse.close() is explicitly called, and a new
StartTLSResponse is created using the same context for subsequent

The Failure reason section of the table below indicates that failures
are due to improper handling of StartTLSResponse.close() by the
server-side implementation. The client-side is handling of TLS close()
is fine.


Server          startTLS      startTLS        SSL     Failure reason
               (tls.close()   (tls.close()
                called)        not called)

Windows XP
Active            OK            OK            OK

directory 5.0    FAIL           OK            OK      The server ignores
                                                      and hangs, while the
                                                      client waits for
                                                      the server to respond.

directory 5.1    FAIL           OK            OK      Same as above

Open ldap
2.0.11           FAIL           OK            OK      The server closes the
                                                      tcp connection when
                                                      is called