JavaTM Secure Socket Extension 1.0.1

Known Bugs


  1. The "PKCS12" KeyStore type included in the JSSE reference implementation security provider only supports load() and not save(). This means that the keytool utility may be used to view but not edit pkcs12 files. The implementation supports PBEWithSHAAnd3KeyTripleDES for shrouded private keys and PBEWithSHAAnd40BitRC2 for safe contents elements. This should be compatible with PKCS12 files exported by Netscape Communicator version 4.04 and later. PKCS12 files using other algorithms can first be imported to Communicator and then exported in a compatible format.

  2. SSL server-side sockets may emit legal but unnecessary HelloRequest messages during handshaking.

  3. Under certain limited circumstances, if a fractional portion of an InputStream object returned from an https reply is read and the InputStream is then closed, and if a new https request to the same server is made before the cached persistent connection times out, the read will return the remainder of the first InputStream instead of the second. This is more apparent when amounts larger than 2000 bytes remain to be read. (Sun Bug Id: 4297363)

    Two Workarounds exist:

    1. Turn off persistent connection support for https. (NOTE: persistent connection support was introduced in JDK 1.3). This feature is disabled by setting the System property "http.keepAlive" to false. Unfortunately, this will affect the default JDK http handler if using JDK 1.3 (and above).

    2. Completely read the InputStream before starting a new connection.

Copyright © 1996-2000 Sun Microsystems, Inc. All Rights Reserved.

Please send comments to: java-security@sun.com.