java
protocol_error
ai_generated
true
javax.net.ssl.SSLException: 在收到对等方的 close_notify 之前关闭入站
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
ID: java/ssl-exception-closed-ssl-socket
85%修复率
88%置信度
1证据数
2023-08-15首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| Java 8 | active | — | — | — |
| Java 11 | active | — | — | — |
| Java 17 | active | — | — | — |
| Java 21 | active | — | — | — |
根因分析
SSL/TLS 连接在未交换正确的 close_notify 警报的情况下被客户端或服务器关闭,违反了 TLS 协议规范。
English
The SSL/TLS connection is being closed by the client or server without exchanging the proper close_notify alert, violating the TLS protocol specification.
官方文档
https://docs.oracle.com/en/java/javase/17/docs/api/java.base/javax/net/ssl/SSLException.html解决方案
-
Add system property -Djdk.tls.acknowledgeCloseNotify=true to allow graceful handling of missing close_notify messages.
-
Ensure the server sends a proper close_notify alert before closing the socket. In Java, use SSLSocket.close() which automatically sends close_notify, not Socket.close().
-
Catch the SSLException in the client code and treat it as a normal connection termination without retrying.
无效尝试
常见但无效的做法:
-
Set javax.net.ssl.trustStore system property to a custom truststore
90% 失败
This error is not related to truststore configuration; changing trust stores does not affect TLS close_notify handshake behavior.
-
Increase SSL socket timeout using setSoTimeout()
85% 失败
Timeout settings do not control TLS shutdown behavior; the error occurs even with ample timeouts.
-
Disable SSL verification entirely with a custom TrustManager
95% 失败
Disabling verification bypasses certificate checks but does not fix the protocol-level close_notify violation.