# javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify - **ID:** `java/ssl-exception-closed-ssl-socket` - **Domain:** java - **Category:** protocol_error - **Verification:** ai_generated - **Fix Rate:** 85% ## Root Cause The SSL/TLS connection is being closed by the client or server without exchanging the proper close_notify alert, violating the TLS protocol specification. ## Version Compatibility | Version | Status | Introduced | Deprecated | |---------|--------|------------|------------| | Java 8 | active | — | — | | Java 11 | active | — | — | | Java 17 | active | — | — | | Java 21 | active | — | — | ## Workarounds 1. **Add system property -Djdk.tls.acknowledgeCloseNotify=true to allow graceful handling of missing close_notify messages.** (85% success) ``` Add system property -Djdk.tls.acknowledgeCloseNotify=true to allow graceful handling of missing close_notify messages. ``` 2. **Ensure the server sends a proper close_notify alert before closing the socket. In Java, use SSLSocket.close() which automatically sends close_notify, not Socket.close().** (90% success) ``` Ensure the server sends a proper close_notify alert before closing the socket. In Java, use SSLSocket.close() which automatically sends close_notify, not Socket.close(). ``` 3. **Catch the SSLException in the client code and treat it as a normal connection termination without retrying.** (75% success) ``` Catch the SSLException in the client code and treat it as a normal connection termination without retrying. ``` ## Dead Ends - **Set javax.net.ssl.trustStore system property to a custom truststore** — This error is not related to truststore configuration; changing trust stores does not affect TLS close_notify handshake behavior. (90% fail) - **Increase SSL socket timeout using setSoTimeout()** — Timeout settings do not control TLS shutdown behavior; the error occurs even with ample timeouts. (85% fail) - **Disable SSL verification entirely with a custom TrustManager** — Disabling verification bypasses certificate checks but does not fix the protocol-level close_notify violation. (95% fail)