https://bz.apache.org/bugzilla/show_bug.cgi?id=62791
--- Comment #7 from Mark Thomas <ma...@apache.org> --- Looks like I missed something when looking at the OpenJDK code. >From the Oracle JSSE docs: <quote> Note: The SSL/TLS protocols specify that implementations are to produce packets containing at most 16 kilobytes (KB) of plain text. However, some implementations violate the specification and generate large records up to 32 KB. If the SSLEngine.unwrap() code detects large inbound packets, then the buffer sizes returned by SSLSession will be updated dynamically. Applications should always check the BUFFER_OVERFLOW and BUFFER_UNDERFLOW statuses and enlarge the corresponding buffers if necessary. SunJSSE will always send standard compliant 16 KB records and allow incoming 32 KB records. For a workaround, see the System property jsse.SSLEngine.acceptLargeFragments in Customizing JSSE. </quote> If we removed the resizing then any spec non-complaint clients are going to fail until Tomcat is restarted with the above system property set. On balance, I think it is best to leave things as they are. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
