SSL:javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible trunca

Source: Internet  Editor: 程序博客网  Time: 2024/05/29 16:32

I have recently been building a REST HTTP server, and while debugging SSL I found that the server frequently reports this error:

javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.7.0_45]
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619) ~[na:1.7.0_45]
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587) ~[na:1.7.0_45]
    at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1517) ~[na:1.7.0_45]
    at org.jboss.netty.handler.ssl.SslHandler.channelDisconnected(SslHandler.java:672) ~[netty-3.8.0.Final.jar:na]
    at org.jboss.netty.channel.Channels.fireChannelDisconnected(Channels.java:396) ~[netty-3.8.0.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.close(AbstractNioWorker.java:360) ~[netty-3.8.0.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:93) ~[netty-3.8.0.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108) ~[netty-3.8.0.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:318) ~[netty-3.8.0.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89) ~[netty-3.8.0.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) ~[netty-3.8.0.Final.jar:na]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_45]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_45]
    at java.lang.Thread.run(Thread.java:744) [na:1.7.0_45]


After searching online, I found the cause:

"It's not actually a bug. An SSLException can be sometimes thrown while destroying the session if the connection was closed abnormally. You can simply ignore that exception. That's why I logged that message in DEBUG level." 


It's probably because the remote peer is closing the connection immediately not sending the last close_notify. Actually sending close_notify message is not mandatory in SSL, so it's OK IMO. But as you pointed out, it's somewhat annoying. I don't have clear solution for this for now. Any patch is welcome.

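When the browser client closes the SSL connection, it does not send a close_notify message to the server, which causes the server to report this error. The error does not affect the operation of the system.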


Solution:

Simply raise the log level from DEBUG to INFO.
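
One way to make that change without hiding other DEBUG output, as an added example that is not from the original post: it assumes Logback is the logging backend and that Netty's internal logging is routed to SLF4J, neither of which the post states. The logger name is the SslHandler class that appears in the stack trace above; the appender and the root level are constructed.

```xml
<!-- logback.xml: added example, not from the original post.
     Assumes Logback behind SLF4J; the post does not name its logging backend. -->
<configuration>
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>

  <!-- Raise only the class whose channelDisconnected() frame appears in the
       trace, so the DEBUG entry for the missing close_notify is not written. -->
  <logger name="org.jboss.netty.handler.ssl.SslHandler" level="INFO"/>

  <!-- Constructed root level: every other logger keeps its DEBUG output. -->
  <root level="DEBUG">
    <appender-ref ref="STDOUT"/>
  </root>
</configuration>
```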

References:

http://comments.gmane.org/gmane.comp.apache.directory.mina.devel/8985

http://lanmh.iteye.com/blog/216957

http://apache-mina.10907.n7.nabble.com/SSLFilter-problem-on-closing-connection-td19341.html

http://blog.csdn.net/kjfcpua/article/details/4880596


