search cancel

SSLSocket duplex close failed messages in logs after updating JDK to adoptopen jdk1.8.0_261 (or later)

book

Article ID: 252935

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

After updating JDK to jdk1.8.0_332 and updating the javax.mail jar to version javax.mail-1.6.2.jar as directed in KB 252932 we are seeing the following:

One thing we noticed when -Djavax.net.debug=ssl:handshake:verbose was enabled, we were getting some SSL Socket errors as below:

2022-10-19 08:19:03,993 ERROR [stderr] (default task-78) javax.net.ssl|WARNING|06 39|default task-78|2022-10-19 08:19:03.993 CDT|SSLSocketImpl.java:566|SSLSocket duplex close failed (
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78) "throwable" : {
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)   java.net.SocketException: Socket is closed
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at java.net.Socket.shutdownInput(Socket.java:1539)
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at sun.security.ssl.BaseSSLSocketImpl.shutdownInput(BaseSSLSocketImpl.java:216)
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:741)
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at sun.security.ssl.SSLSocketImpl.bruteForceCloseInput(SSLSocketImpl.java:691)
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at sun.security.ssl.SSLSocketImpl.duplexCloseOutput(SSLSocketImpl.java:650)
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at sun.security.ssl.SSLSocketImpl.close(SSLSocketImpl.java:555)
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at com.sun.jndi.ldap.Connection.cleanup(Connection.java:669)
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at com.sun.jndi.ldap.LdapClient.close(LdapClient.java:446)
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at com.sun.jndi.ldap.LdapCtx.closeConnection(LdapCtx.java:2962)
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at com.sun.jndi.ldap.LdapCtx.close(LdapCtx.java:2669)
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at javax.naming.InitialContext.close(InitialContext.java:556)
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at javax.naming.InitialContext.close(InitialContext.java:556)
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at com.ca.commons.jndi.JNDIOps.close(JNDIOps.java:1753)
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at com.netegrity.llsdk6.imsimpl.directory.jndi.JNDIBase.getObject(JNDIBase.java:538)
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at com.netegrity.llsdk6.imsimpl.directory.jndi.JNDIEtrustAdminUser.getObject(JNDIEtrustAdminUser.java:216)
2022-10-19 08:19:03,994 ERROR [stderr] (default task-78)        at com.netegrity.llsdk6.imsimpl.directory.jndi.JNDIDirectoryProvider.getObj

Is this a concern?

Environment

Identity Manager
using JDK 1.8.0_261 or later

Resolution

due to changes Oracle made around TLS logging for the JDK:
https://www.oracle.com/java/technologies/javase/8all-relnotes.html#R180_261

Cause: JDK 8u261 introduced a new format for TLS logging. Additional data is now captured per event and logged. Exceptions handled by the JDK TLS library code may print verbose information about the cause of such exceptions when logging is enabled.

Solution: User can safely ignore these Warning messages


Digging a bit further this is resolved in a later release of the JDK, but can continue to appear if the various 3rd party libraries have not been updated yet. 
We are working on updating these libraries in Cumulative patches and new version releases, so this will eventually be cleared up.   

In the meantime, these messages have no impact on the Broadcom Software and can be ignored.

Additional Information

These messages are only written into the logs with the additional SSL java logging parameter configured:

-Djavax.net.debug=ssl:handshake:verbose