--- a/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java Wed Sep 21 15:37:52 2011 -0700
+++ b/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java Thu Sep 29 17:31:30 2011 -0700
@@ -371,6 +371,11 @@
/* Class and subclass dynamic debugging support */
private static final Debug debug = Debug.getInstance("ssl");
+ /*
+ * Is it the first application record to write?
+ */
+ private boolean isFirstAppOutputRecord = true;
+
//
// CONSTRUCTORS AND INITIALIZATION CODE
//
@@ -804,8 +809,35 @@
if (connectionState < cs_ERROR) {
checkSequenceNumber(writeMAC, r.contentType());
}
+
+ // turn off the flag of the first application record
+ if (isFirstAppOutputRecord &&
+ r.contentType() == Record.ct_application_data) {
+ isFirstAppOutputRecord = false;
+ }
}
+ /*
+ * Need to split the payload except the following cases:
+ *
+ * 1. protocol version is TLS 1.1 or later;
+ * 2. bulk cipher does not use CBC mode, including null bulk cipher suites.
+ * 3. the payload is the first application record of a freshly
+ * negotiated TLS session.
+ * 4. the CBC protection is disabled;
+ *
+ * More details, please refer to AppOutputStream.write(byte[], int, int).
+ */
+ boolean needToSplitPayload() {
+ writeLock.lock();
+ try {
+ return (protocolVersion.v <= ProtocolVersion.TLS10.v) &&
+ writeCipher.isCBCMode() && !isFirstAppOutputRecord &&
+ Record.enableCBCProtection;
+ } finally {
+ writeLock.unlock();
+ }
+ }
/*
* Read an application data record. Alerts and handshake
@@ -2034,6 +2066,9 @@
// See comment above.
oldCipher.dispose();
+
+ // reset the flag of the first application record
+ isFirstAppOutputRecord = true;
}
/*