Reputation: 1381
Since there is no correspondence between NIO TCP read events (essentially TCP buffered segments) and the TLS records carried as payload inside them, I am trying to figure out if Netty correctly handles TLS records that are randomly re-segmented into separate NIO reads.
In SSLEngine.unwrap() this would cause a BUFFER_UNDERFLOW which is handled simply by breaking the loop here: https://github.com/netty/netty/blob/master/handler/src/main/java/io/netty/handler/ssl/SslHandler.java#L483
Does anyone have experience with re-segmentation, and is this code sufficient to recover TLS records in all cases? Any advice on testing it would be appreciated.
Upvotes: 0
Views: 95
Reputation: 12351
The answer is yes. After breaking the loop, the unwrap() method will be called again when more data is received. If you find a bug where SslHandler doesn't handle re-segmented TLS records, please file a bug so that we can fix it.
Upvotes: 1
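On the testing question, an added example (not Netty's code and not from either poster): a JDK-only model of the accumulate-until-complete behaviour described in the answer, checked against constructed TLS-framed records cut at random read boundaries. The class name, buffer size and chunk sizes are assumptions, and it models only the 5-byte record framing, not SslHandler or SSLEngine.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.util.*;

// Added example: hypothetical class, constructed test records, no real TLS traffic.
public class ResegmentationCheck {
    static final int HEADER = 5; // content type (1) + version (2) + length (2)
    private final ByteBuffer acc = ByteBuffer.allocate(64 * 1024);

    // Accepts one "read" of arbitrary size; returns only the records completed so far.
    List<byte[]> feed(byte[] chunk) {
        acc.put(chunk);
        acc.flip();
        List<byte[]> out = new ArrayList<>();
        while (acc.remaining() >= HEADER) {
            int p = acc.position();
            int len = ((acc.get(p + 3) & 0xFF) << 8) | (acc.get(p + 4) & 0xFF);
            if (acc.remaining() < HEADER + len) break; // incomplete record: the BUFFER_UNDERFLOW case
            byte[] rec = new byte[HEADER + len];
            acc.get(rec);
            out.add(rec);
        }
        acc.compact(); // keep the partial record for the next read
        return out;
    }

    // Builds a constructed record: application_data type, 3.3 version bytes, random body.
    static byte[] record(Random r, int len) {
        byte[] rec = new byte[HEADER + len];
        r.nextBytes(rec);
        rec[0] = 23; rec[1] = 3; rec[2] = 3;
        rec[3] = (byte) (len >> 8); rec[4] = (byte) len;
        return rec;
    }

    public static void main(String[] args) {
        Random r = new Random(1); // fixed seed so a failing round can be replayed
        for (int round = 0; round < 1000; round++) {
            List<byte[]> sent = new ArrayList<>(), got = new ArrayList<>();
            ByteArrayOutputStream wire = new ByteArrayOutputStream();
            for (int i = 0; i < 8; i++) {
                sent.add(record(r, r.nextInt(16385)));
                wire.write(sent.get(i), 0, sent.get(i).length);
            }
            byte[] stream = wire.toByteArray();
            ResegmentationCheck ra = new ResegmentationCheck();
            for (int off = 0, n = 0; off < stream.length; off += n) {
                n = Math.min(1 + r.nextInt(4096), stream.length - off); // random cut, may split a header
                got.addAll(ra.feed(Arrays.copyOfRange(stream, off, off + n)));
            }
            if (!Arrays.deepEquals(sent.toArray(), got.toArray())) throw new AssertionError("round " + round);
        }
        System.out.println("all records recovered");
    }
}
```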