--- a/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java Fri Nov 18 16:13:39 2011 +0800
+++ b/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java Fri Nov 18 11:11:11 2011 -0800
@@ -369,6 +369,11 @@
/* Class and subclass dynamic debugging support */
private static final Debug debug = Debug.getInstance("ssl");
+ /*
+ * Is it the first application record to write?
+ */
+ private boolean isFirstAppOutputRecord = true;
+
//
// CONSTRUCTORS AND INITIALIZATION CODE
//
@@ -802,8 +807,35 @@
if (connectionState < cs_ERROR) {
checkSequenceNumber(writeMAC, r.contentType());
}
+
+ // turn off the flag of the first application record
+ if (isFirstAppOutputRecord &&
+ r.contentType() == Record.ct_application_data) {
+ isFirstAppOutputRecord = false;
+ }
}
+ /*
+ * Need to split the payload except the following cases:
+ *
+ * 1. protocol version is TLS 1.1 or later;
+ * 2. bulk cipher does not use CBC mode, including null bulk cipher suites.
+ * 3. the payload is the first application record of a freshly
+ * negotiated TLS session.
+ * 4. the CBC protection is disabled;
+ *
+ * More details, please refer to AppOutputStream.write(byte[], int, int).
+ */
+ boolean needToSplitPayload() {
+ writeLock.lock();
+ try {
+ return (protocolVersion.v <= ProtocolVersion.TLS10.v) &&
+ writeCipher.isCBCMode() && !isFirstAppOutputRecord &&
+ Record.enableCBCProtection;
+ } finally {
+ writeLock.unlock();
+ }
+ }
/*
* Read an application data record. Alerts and handshake
@@ -2031,6 +2063,9 @@
// See comment above.
oldCipher.dispose();
+
+ // reset the flag of the first application record
+ isFirstAppOutputRecord = true;
}
/*