在Java中完成TLS握手之前,accept()是否返回？

我正在使用Java的SSL库来保护应用程序之间的连接.而且我注意到SSLServerSocket.accept()返回一个套接字,即使握手失败.

>这是否意味着SSLServerSocket.accept()不会等待初始握手完成？和
>如果没有,我如何等待握手完成并检测握手失败的客户端？还是可以简单地在新的SSLSocket上开始操作,而握手将在实际操作之前自动完成？

另外,在当前(重新)握手的SSLSocket中写入和读取是否会阻塞,直到完成当前握手为止？如果没有,在握手插座上操作是否安全？握手和应用程序数据是否会并行发送且不会互相影响？

解决方法:

accept()不发起握手,它仅返回接受的套接字.当您开始在接受的套接字上执行I / O时,将启动握手.这是记录的行为：

http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSocket.html

The initial handshake on this connection can be initiated in one of three ways:

• calling startHandshake which explicitly begins handshakes, or
• any attempt to read or write application data on this socket causes an implicit handshake, or
• a call to getSession tries to set up a session if there is no currently valid session, and an implicit handshake is done.

If handshaking fails for any reason, the SSLSocket is closed, and no futher communications can be done.

…

When SSLSockets are first created, no handshaking is done so that applications may first set their communication preferences: what cipher suites to use, whether the socket should be in client or server mode, etc. However, security is always provided by the time that application data is sent over the connection.

至于握手重新协商,也记录在案：

http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSocket.html#startHandshake()

If data has already been sent on the connection, it continues to flow during this handshake. When the handshake completes, this will be signaled with an event. This method is synchronous for the initial handshake on a connection and returns when the negotiated handshake is complete. Some protocols may not support multiple handshakes on an existing socket and may throw an IOException.

标签：ssl,sockets,jsse,handshake,java
来源： https://codeday.me/bug/20191029/1958445.html