ODSEE - "Inbound Closed Before Receiving Peer's Close_notify: Possible Truncation Attack?" (Doc ID 1645925.1)

Last updated on OCTOBER 11, 2016

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.3 SP1 and later
Information in this document applies to any platform.

Symptoms

 On a busy server many connections show an error upon closing an SSL or StartTLS connection.

For example the following was seen on DPS 11.1.1.7.0 but any version can be affected.,


 [31/Jan/2014:11:13:33 -0500] - PROFILE    - INFO  - conn=300968 assigned to connection handler cn=Example_conn_handler,cn=connection handlers,cn=config
 [31/Jan/2014:11:13:33 -0500] - CONNECT    - INFO  - conn=300968  client=127.0.0.1:62188 server=localhost:9389 protocol=LDAP
 [31/Jan/2014:11:13:33 -0500] - OPERATION  - INFO  - conn=300968 op=0 EXTENDED oid="1.3.6.1.4.1.1466.20037" [Thread Worker Thread 94]
 [31/Jan/2014:11:13:33 -0500] - OPERATION  - INFO  - conn=300968 op=0 EXTENDED RESPONSE err=0 msg="" etime=1 [Thread Worker Thread 94]
 [31/Jan/2014:11:13:33 -0500] - OPERATION  - INFO  - conn=300968 op=1 msgid=2 SEARCH base="dc=example,dc=com" scope=2 controls="" filter="(uid=test123)" attrs="dn " [Thread Worker Thread 48]
 [31/Jan/2014:11:13:33 -0500] - SERVER_OP  - INFO  - conn=300968 op=1 SEARCH base="dc=example,dc=com" scope=2 filter="(uid=test123)" attrs="dn "
 s_msgid=388 s_conn=ds1:510 [Thread Worker Thread 48]
 [31/Jan/2014:11:13:33 -0500] - SERVER_OP  - INFO  - conn=300968 op=1 SEARCH RESPONSE err=0 msg="" nentries=1 s_msgid=388 s_conn=ds1:510 etime=0 [Thread Worker Thread 48]
 [31/Jan/2014:11:13:33 -0500] - OPERATION  - INFO  - conn=300968 op=1 SEARCH RESPONSE err=0 msg="" nentries=1 etime=3 [Thread Worker Thread 48]
 [31/Jan/2014:11:13:33 -0500] - OPERATION  - INFO  - conn=300968 DISCONNECT [Thread Worker Thread 32]
 [31/Jan/2014:11:13:33 -0500] - DISCONNECT - INFO  - conn=300968 reason="other" msg="Exception caught while polling client connection
 LDAPS.127.0.0.1.62188 -- java.io.IOException: Received CLOSED during initial handshaking".

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms