Disclaimer: This repository is a git-svn mirror of the project found at http://java.net/projects/jsip whose original repository is developed collaboratively by the Advanced Networking Technologies Division at the National Institute of Standards and Technology (NIST) - an agency of the United States Department of Commerce and by a community of individual and enterprise contributors. TeleStax, Inc. will perform some productization work, new features experimentation branches, etc for its TelScale jSIP product that doesn't concern the community from the main repository hence this git repository.
As a result SSL handshake is hanging and negotiation never ends.
Scenario:
Android WebRTC Demo tries to register with RC on Oreo using TLS
The SSL negotiation hangs after both sides have sent FINISHED packets
Analysis
Client sends Client Hello packet
Client receives Server Hello packet
Client sends Key Exchange, ..., Finished packet
Client receives Change Cipher Spec and Finished packets (seems to be reading them both in one go in the selector thread)
this.sslEngine.unwrap() is called in 1st while iteration for 6 bytes (Change Cipher Spec packet) consumed, state NEED_WRAP
this.sslEngine.unwrap() is called in 2nd while iteration for 69 bytes (Finished packet) consumed, state NEED_WRAP (should probably be FINISHED)
this.sslEngine.unwrap() is called in 3rd while iteration for 0 bytes consumed, state NOT_HANDSHAKING
As a result sslEngine never returns FINISHED state and this messes up the state machine and freezes the handshake. In the successful scenario (i.e. pre-Oreo) unwrap is called once and returns 75 bytes (both Change Cipher Spec and Finished packet) with a state of FINISHED.
I think we need to workaround this issue in the JAIN SIP side for the short them, similar to:
At the same time I have opened a ticket for android that I plan to follow up on, so that if we 're lucky this gets fixed down the road in Android/SSL as well.
jaimecasero
commented
6 years ago
As a result SSL handshake is hanging and negotiation never ends.
Scenario:
Analysis
As a result sslEngine never returns FINISHED state and this messes up the state machine and freezes the handshake. In the successful scenario (i.e. pre-Oreo) unwrap is called once and returns 75 bytes (both Change Cipher Spec and Finished packet) with a state of FINISHED.
I think we need to workaround this issue in the JAIN SIP side for the short them, similar to:
At the same time I have opened a ticket for android that I plan to follow up on, so that if we 're lucky this gets fixed down the road in Android/SSL as well.