Hi,
On Tue, Jan 7, 2014 at 8:15 PM, kreid <k.o....@gmail.com> wrote:
> [DEBUG] [01/07/2014 13:43:22.173] [system-akka.actor.default-dispatcher-5]
> [akka://system/user/IO-HTTP/group-0/0] Received unexpected Tcp.PeerClosed,
> invalidating SSL session
I can reproduce the issue. The problem is this:
a) the server sends this response:
HTTP/1.1 500 Internal Server Error
SOAPAction: ""
Content-Type: text/xml;charset=utf-8
Date: Wed, 08 Jan 2014 11:53:38 GMT
Connection: close
Server: SWS
<?xml version="1.0" encoding="UTF-8"?>
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Header/><soap-env:Body><soap-env:Fault><faultcode>soap-env:Client.InvalidEbXmlMessage</faultcode><faultstring>Unable
to create envelope from given source:
com.sun.xml.messaging.saaj.soap.dom4j.ElementImpl cannot be cast to
com.sun.xml.messaging.saaj.soap.Envelope</faultstring><detail><StackTrace>javax.xml.soap.SOAPException:
Unable to create envelope from given source:
com.sun.xml.messaging.saaj.soap.dom4j.ElementImpl cannot be cast to
com.sun.xml.messaging.saaj.soap.Envelope</StackTrace></detail></soap-env:Fault></soap-env:Body></soap-env:Envelope>
b) and then closes the TCP connection directly without going through
the mandatory SSL shutdown sequence which must be handled like a TCP
connection reset.
The response which, in fact, was already received cannot be used
because it contains no `Content-Length` header which means the entity
is bounded by a regular TCP close. However, as the server doesn't
implement SSL correctly the connection is never closed correctly. This
situation isn't distinguishable from a truncation attack so I don't
think there's much we can do on the spray side to fix the issue.
Incidentally, I filed an issue to simplify debugging SSL issues by
making the SslTlsSupport.tracing a regular configuration flag. Right
now, you have to recompile to get enough debug output to analyze
issues like this one.
https://github.com/spray/spray/issues/750
--
Johannes
-----------------------------------------------
Johannes Rudolph
http://virtual-void.net
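
The framing rule discussed in the message above, as an added example that is not part of the original post and is not spray code: it classifies how a response entity is delimited and decides whether the bytes received can be treated as complete given how the peer ended the connection. It goes beyond the close-delimited case in the thread to cover `Content-Length` and chunked framing as well. The function names, the `CLOSE_NOTIFY`/`TCP_CLOSE` labels and the sample response are assumptions made for the illustration, and bodiless responses (HEAD, 1xx, 204, 304) are not handled.

```python
# Added example (not spray code): can a response entity read over TLS be
# trusted as complete, given how the peer ended the connection?
CLOSE_NOTIFY = "close_notify"  # peer sent the TLS close_notify alert first
TCP_CLOSE = "tcp_close"        # bare TCP FIN/RST, no close_notify

def framing(head: bytes):
    """Classify body framing from the response head (RFC 7230, section 3.3.3)."""
    headers = {}
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    codings = headers.get("transfer-encoding", "").lower().split(",")
    if codings[-1].strip() == "chunked":
        return "chunked", None
    if "content-length" in headers:
        return "length", int(headers["content-length"])
    return "close", None  # entity runs until the connection closes

def chunked_complete(body: bytes) -> bool:
    """True once the terminating zero-size chunk and trailer section are present."""
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            return False
        try:
            size = int(body[pos:eol].split(b";")[0], 16)
        except ValueError:
            return False
        if size < 0:
            return False
        if size == 0:
            return body.find(b"\r\n\r\n", eol) >= 0
        pos = eol + 2 + size + 2  # skip chunk data and its trailing CRLF

def entity_complete(raw: bytes, how_closed: str) -> bool:
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False  # the head itself was cut off
    kind, length = framing(head)
    if kind == "length":
        return len(body) >= length
    if kind == "chunked":
        return chunked_complete(body)
    # Close-delimited: only the authenticated close_notify marks the real end;
    # a bare TCP close could equally be an attacker cutting the stream short.
    return how_closed == CLOSE_NOTIFY

# Constructed sample modelled on the response above (no Content-Length).
SAMPLE = (b"HTTP/1.1 500 Internal Server Error\r\nConnection: close\r\n"
          b"Content-Type: text/xml;charset=utf-8\r\n\r\n<fault>...</fault>")
```

For `SAMPLE`, `entity_complete` returns `False` with `TCP_CLOSE` and `True` with `CLOSE_NOTIFY`, which is the distinction the server in this thread fails to provide.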